The Call That Changed Everything
It was approaching midnight on a Sunday when the emergency room called. The charting system was down. What happened next would determine whether a 100-bed community hospital in Florida’s panhandle would become another ransomware statistic-or a story of disaster averted.
Jamie Hussey had been IT director at Jackson Hospital in Marianna, Florida, for over 25 years. That Sunday night in January 2022, he got a call from the emergency room: they couldn’t connect to the charting system that doctors use to look up patients’ medical histories.
Hussey investigated and quickly realized this wasn’t a routine technical glitch. The charting software, maintained by an outside vendor, was infected with ransomware. And he didn’t have much time to keep it from spreading.
Take Our 2-Minute Security Assessment Now >>
The Decision
Hussey made a call that required both experience and courage: shut down the hospital’s computer systems. Immediately.
“If we hadn’t stopped it, it probably would’ve spread out through the entire hospital,” Hussey later told CNN.
On his advice, Jackson Hospital disconnected its systems from the network. Hospital staff ditched the electronic records and reverted to pen and paper to keep the hospital running. Patient care wasn’t disrupted.
“Lock It Down and Piss People Off”
Shutting down hospital computer systems isn’t a popular decision. Doctors can’t access patient histories electronically. Nurses can’t check medication interactions. The entire workflow that healthcare workers depend on simply stops.
But Hussey understood the alternative was far worse.
“Lock it down and piss people off,” he said, describing his philosophy. “It’s what you have to do just to secure your network.”
Staff implemented “downtime procedures”-contingency plans for exactly this situation. Physician notes were written by hand. Prescriptions were processed manually. The hospital kept running.
What They Were Up Against
The ransomware was identified as Mespinoza, a strain that had already racked up 190 victim organizations worldwide, including several in healthcare. The U.S. Department of Health and Human Services had issued an advisory about the group just the week before.
The attackers had encrypted a computer server that Jackson Hospital used to store organizational documents. Hussey’s team had to determine whether any patient data was in those files.
But the rapid shutdown had worked. The ransomware was contained before it could spread to the hospital’s core systems.
What followed was meticulous work. Hussey’s IT team-about a dozen people serving a 600-person staff-went through every system in the hospital, checking each one for infection before bringing it back online.
They physically disconnected the electronic health records system from the rest of the network to examine it separately. They verified that no malicious code was hiding anywhere in the infrastructure.
“The new guy I just hired is a cybersecurity graduate,” Hussey noted during the recovery. “We broke him in really early.”
By Wednesday, most systems were coming back online. The ER charting system was expected to remain offline through the rest of the week. The FBI was investigating, and cybersecurity consultants were supporting the recovery.
But the hardest decision-the one that mattered most-had already been made at midnight on a Sunday.
What This Story Teaches Us
Jackson Hospital isn’t a massive health system. It’s a 100-bed community hospital. But that didn’t make it any less of a target. Ransomware attackers target opportunity, not size.
Several things went right that night:
Someone noticed immediately. The ER reported the charting system issue right away. That early alert gave Hussey the time he needed to act.
The right person was reachable. Hussey was available and responded immediately. Not every organization has leadership accessible at midnight on a Sunday.
He made a hard decision fast. Shutting down systems requires confidence and the willingness to accept short-term disruption to prevent long-term disaster.
The team was prepared. The hospital had downtime procedures ready. Staff knew how to operate without electronic systems. That preparation made the shutdown survivable.
Experience mattered. Twenty-five years at the same organization meant Hussey knew the systems, knew the risks, and knew what was at stake.
The Question for Your Organization
If ransomware hit your systems tonight, would someone notice in time? Would the right person be reachable? Would they have the authority-and the courage-to shut everything down?
Most importantly: does your team know what to do when the computers stop working?
The answers to these questions determine whether you become a cautionary tale or a story of disaster averted.
Take Our 2-Minute Security Assessment
centrexIT has protected San Diego businesses since 2002. If you’re not sure whether your organization could survive a midnight ransomware attack, let’s find out together.
Sources
• CNN Politics: “‘Lock it down and piss people off’: How quick thinking stopped a ransomware attack from crippling a Florida hospital” (January 16, 2022)
• U.S. Department of Health and Human Services: Mespinoza Ransomware Advisory (January 2022)