The phones at Stern Cardiovascular network were operating Monday but staff still did not have Internet access to computerized medical records, a situation that has stymied the 18-clinic network for a week and affected thousands of patients.

In a statement late Monday, Stern CEO Debbie Eddlestone said the problem was under investigation, noting that Stern does not believe patient data was breached, “and we’re doing everything we can to make sure it remains that way.

“Patient care is continuing as normal. Also, our medical team continues to be accessible to patients. If patients have any questions about their care or next visit, they can call our office,” she said. 

Fed offers mixed look on Memphis economy

A cybersecurity expert in California who read about the Stern issues over the weekend suspects ransomware, saying hackers have likely encrypted the data and are holding Stern “helpless” until it pays.

“The amount of time it’s been down just tells me that the local response teams, the FBI or somebody else, has come in to play their part,” said Ajay Jotwani, co-founder of i2Chain Inc. in San Francisco.

Shutting down the Internet would help “protect the information from going out any further,” he said.

Eddlestone would not discuss the investigation, including whether the FBI was involved, and the FBI would neither confirm nor deny any involvement.

Monday, after her friend had tried numerous times to make an appointment by phone and kept being disconnected, Carol Durdin decided to drive to Stern’s Southaven office to see what was going on.

Stern clinic computer system hacked, lost phone, internet

“They are still offline,” Durdin said. “They still don’t have records, but they were seeing patients, and that was pretty much on a walk-in basis. They were seating people in the waiting room.”

The parking lot, which is generally “packed,” she said, was less than half full.

When Durdin said she explained how important it was that her friend be seen, a woman at the reception desk made a note on a sticky pad and said she would give the information directly to the physician’s nurse.

Last week, the practice did not have phone or internet access. 

On Friday, Sept. 9, Stern notified employees the company had been hacked in notices it handed out in person because there was no email.

Tenacity and creativity are secrets of success

Several doctors within the practice said they were using their own cellphones and relying on the practice’s answering service to communicate with patients.

Eddlestone could not predict when the issues would be resolved, “but what I can tell you is we are conducting a thorough investigation, which may take some time.

“In the meantime, our staff will continue to be accessible to patients. Their health and safety remain our top concerns. ... If patients have any questions about their care or next visit, they can call our office. Our staff will follow up with them promptly.”

The length of time Stern has been hobbled could be an indication of the outrageousness of the hackers’ demands, Jotwani said. 

He suspects Stern can still operate without internet access for a short period of time.

“But just imagine if this were a hospital,” he said, “there would be no way you could have this inability to access data for a week.”