Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance

Ransomware Attack on Rural Hospital Disrupts Services

Campbell County Health in Wyoming Sending Patients to Other Hospitals Many Miles Away
Ransomware Attack on Rural Hospital Disrupts Services
A ransomware attack on Campbell County Health in Wyoming has caused patient care disruptions in recent days.

A ransomware attack late last week on a county hospital in rural Wyoming was still causing patient care disruptions on Monday. Some patients were sent more than 125 miles away to other area hospitals for treatment.

See Also: Live Webinar | Unlocking CIAM - the secret to balancing frictionless registration and high data integrity

Campbell County Health, which include Campbell County Memorial Hospital, a 90-bed area trauma facility in Gillette, Wyoming, discovered the ransomware attack Friday morning.

In a statement posted Friday, the organization said all of its computer systems had been affected by the ransomware attack, "which impacts the organization's ability to provide patient care. The appropriate authorities have been notified, and efforts are underway to restore the affected systems."

Since the attack, Campbell County Health has been periodically updating its website about the impact the ransomware attack has had on the hospital's patient care services.

Service disruptions on Friday included stopping the admission of new patients to the hospital as well as the cancellation of some surgeries. Patients also were turned away for outpatient laboratory testing, respiratory therapy and radiology exams or procedures.

"Patients presenting to the emergency department and walk-in clinic will be triaged and transferred to an appropriate care facility if needed," the organization's website statement said Friday.

By Sunday, the hospital said it was continuing to have service disruptions. "However, the emergency medical services, the emergency department, maternal child and the walk-in clinic are open to assess patients and treat or transfer patients as appropriate," the website noted.

"It is advised to call to confirm your appointment prior to going in. All patients are also asked to bring medication bottles with them to their appointment."

By Monday morning, the hospital had still either cancelled or rescheduled patient services in several departments, including endocrinology, radiation oncology, cardiac rehab, radiology, respiratory therapy, and sleep clinic services, plus surgery at the main hospital and at its Powder River surgery center.

Transferring Patients

A Campbell County Memorial spokeswoman tells Information Security Media Group that the rural hospital will sometimes send certain trauma or other seriously ill patients to one of several other hospitals in Wyoming, Montana or South Dakota depending on a patient's health circumstances.

The ransomware attack, however, triggered Campbell County Health sending more patients than usual to other hospitals, especially to Sheridan Memorial Hospital about 125 miles away.

Some patients who had already been admitted to the hospital before the ransomware attack are still being treated as inpatients, except in some situations where a patient's level of care needed to be elevated, she says. In those cases, some patients were moved to other facilities, the spokeswoman says.

As of Monday afternoon, Campbell County Health had not provided ISMG with an estimate of the number of hospital patients sent to other facilities for care or the number of patients who needed to be rescheduled for non-urgent care due to the ransomware attack.

Sheridan Memorial Hospital did not immediately respond to an ISMG request for comment.

Planning for Disasters

A spokeswoman for Johnson County Health, a 25-bed rural critical access hospital in Buffalo, Wyoming, about 65 miles from Campbell County Memorial, tells ISMG that the hospital has admitted at least one emergency room patient so far who would have otherwise been treated at Campbell County Memorial.

"We prepare for every kind of disaster," says the Johnson County Health spokeswoman. "In Wyoming, and other rural areas, one big [traffic] wreck can have a big impact, including needing to divert patients. But now ransomware has become one of those disasters to plan for and to practice for. We do that for all kinds of emergencies."

Dustin Hutchison, a partner at IT security consulting firm Pondurance. says hospitals need to have a plan for where to send patients in crises, including after ransomware attacks. "Hospitals that are part of a larger organization will usually focus on diverting patients to hospitals within the same organization, but agreements should also be established with other organizations within a geographical area to ensure additional capacity in the event of a more widespread attack," he says.

In addition to the patient coordination, information sharing related to the ransomware attack is beneficial to potentially help reduce the likelihood that the receiving hospital is also affected, he adds. "When the plans to divert patients are put in place between multiple hospitals, under the same organization or not, an agreement related to timely information sharing should also be established," he says.

Statewide Coordination

Wyoming's Homeland Security Office is coordinating with state, local and federal officials on a response and investigation into the Campbell County Memorial Hospital ransomware attack, an office spokeswoman tells ISGM. The office as of Monday has not received reports of any other recent ransomware attacks on Wyoming hospitals, she says.

Campbell County Memorial is working with an outside IT security firm to remediate the situation, but it has no timeline yet for when services will be fully restored, a hospital spokeswoman said. The hospital would not comment on whether it has paid a ransom to unlock its systems, she added.

Until the hospital has regained full access to its electronic health records system, "we've reverted back to the old fashioned way of keeping records - paper," she says.

Other Attacks

Ransomware and other cyberattacks have caused serious disruptions to patient care in recent years.

That includes high-profile ransomware attacks in 2016 on Hollywood Presbyterian Medical Center in California, and MedStar Health, a 10-hospital system serving Maryland and the Washington area.

All signs point to attacks on healthcare sector entities continuing to surge, says Caleb Barlow, CEO of security consulting firm CynergisTek.

"There are even some signs that nation-state actors are leveraging ransomware attacks to fuel some of their efforts," he says. "The good news is that these kinds of attacks are preventable, and, more importantly, knowing how to respond can make all the difference."

With healthcare entities and local governments being in the crosshairs of recent ransomware attacks - does that put public hospitals even more at risk?

"I think this is less a matter of public hospitals being higher risk than typically having less resources," says former healthcare CIO David Finn, executive vice president at CynergisTek.

"That will put you at higher risk but not because they are more targeted but [rather] less equipped. This comes down to the age old issue of cybersecurity not being an IT or a security issue. It is a business issue. Providers, regardless of how they are funded, absolutely have to prioritize cybersecurity"


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.