Statement from Avita:
BUCYRUS/GALION/ONTARIO— On Wednesday, February 9, 2022, Avita Health System detected and shut down a network security incident. Upon discovering the unauthorized activity, our IT professionals – along with third-party forensics and cybersecurity experts – immediately secured our systems and began restoring operations to a secure and patched network environment.
Avita’s electronic medical records system was not affected by this incident. At this time, we see no evidence that patient information has been removed from our system. Currently, our healthcare system uses computer shutdown procedures to continue caring for patients. We apologize for the operational disruption this event has caused and may continue to cause until a full and safe restoration of services is complete. We are currently restoring our data securely in accordance with our business continuity and incident response plans, and we are working to complete this process as quickly as possible. We expect our systems to be fully restored within days.
With the active management of a reputable endpoint detection and response (EDR) tool, we were able to immediately secure the environment and stop the unauthorized activity from spreading. We have also closed some systems as a precaution. Our in-house IT staff and third-party incident response team are currently using the EDR tool to further secure the environment and ensure the network is contained.
While these types of situations have become all too common nationwide, we recognize the significance of this event and have quickly taken appropriate action to address it. Our in-depth investigation is ongoing and this aspect of the incident response may take several weeks. Rest assured that we are committed to sharing more information as it becomes available.