Skip to main content

Health IT Security
By Jessica Davis | 9/23/2019

Since Friday morning, Campbell County Health in Gillette, Wyoming has been working to restore its computer systems and full patient care after falling victim to a ransomware attack.

Campbell County Health in Gillette, Wyoming fell victim to a ransomware attack early Friday morning, which has continued to disrupt patient care for last few days.

According to officials, the cyberattack began around 3:30 AM on Friday and caused “serious computer issues” that resulted in service disruptions, such as a lack of outpatient lab, respiratory therapy, or radiology exams. Some surgeries were canceled, and CCH stopped accepting new inpatient admissions.

Patients that arrived at the emergency department or walk-in clinic on Friday were triaged and transferred to appropriate care facilities, if the situation warranted it. Officials said phone systems remained operational. However, they could not estimate when services would be restored.

By 2PM officials reported the cyber event was ransomware, and authorities were notified. Employees were told to call their managers, while patients were told to call ahead of their appointment to see if they were still scheduled during the ongoing attack.

“We have processes in place to continue to treat inpatients appropriately and safely,” said Colleen Heeter, CCH chief operating officer, said in a statement.

“Campbell County Health is very concerned about the security of information and the safety of our patients and employees,” officials said in a statement. “We understand the concern that the community has regarding this as well.”

Patients continued to receive safe care during the attack, as officials said they worked with regional facilities to transfer patients if CCH was unable to provide adequate care. The emergency department has remained open with full staff during the event to evaluate care needs.

What’s more, CCH Emergency Medical Services placed additional ambulances on call to serve the patients. Officials said they are working with local, state, and federal authorities to address the ransomware, while city officials, Campbell County Commissioners, and Campbell County Emergency Management are supporting CCH during the event.

The walk-in clinic has also remained open during the attack.

As of Saturday, service had not yet been restored. And officials notified patients that its maternal child department was only taking patients on a case-by-case basis. As a result, those patients were told to call ahead with any concerns or questions.

The latest update on Sunday afternoon showed that services had not yet been restored. The EMS, ED, OB, and walk-in clinic departments have continued to assess and treat, or transfer patients when appropriate. Patients have been told to call ahead and bring medication bottles with them to their appointments.

“Our patients are our highest priorities. We understand this is inconvenient and disruptive,” officials said in a statement. “At this point in time, there is no evidence that any patient data has been accessed or misused. The investigation is ongoing, and we will provide updates when more information becomes available. We are working diligently to restore complete access to our services.”

The CCH security event bears hallmark to several recent reports from other healthcare providers, including a massive ransomware attack that impacted 100 dental provider offices.

In June, Ohio-based NEO Urology paid its $75,000 ransomware demand to restore services, after three days without access to its computer systems. The provider was experiencing between $30,000 and $50,000 a day in revenue losses. Five other providers reported similar attacks in June.

Meanwhile, hackers demanded $1 million from Washington-based Grays Harbor Community Hospital and Harbor Medical Group, which disrupted services for nearly two months. Reports did not shared whether the provider paid the ransomware.

After a decline in ransomware attacks last year, the attacks have doubled in 2019. Researchers are seeing an increase in brute-force attacks, which can cause an average of 10 days of downtime. Organizations across all sectors have seen an increase in these attacks, as well, which prompted the Department of Homeland Security to released two alerts meant to help businesses shore up their defenses.