Monday, September 30, 2019

Gillette, Wyoming Hospital Campbell County Health Down from Ransomware


Ransomeware continues to be the scourge of the healthcare IT world.  It seems I cannot do any kind of search these days without coming across a recent article that describes a healthcare institution dealing with a security issue; especially Ransomware.

Here is the information that the hospital has released publicly:

On Friday, September 20 at approximately 3:30 am, Campbell County Health experienced a computer service disruption that was later identified as ransomware. Like many health systems throughout the country, CCH has fallen prey to a very sophisticated criminal attack. The ransomware affected our computer system and our ability to provide some clinical services. Our patients are our highest priority, and we immediately began working with third-party cyber security experts and law enforcement. At this time the investigation is ongoing.

CCH continues working hard to restore our computer systems so we can resume normal operations. We understand response to these attacks can be frustrating for everyone in the community, but we have to be methodical in our response, to insure no remnants of the malware remain on the system. We are doing everything in our power to resolve this as quickly as possible. Thank you for your patience.

UPDATE: September 29, 2019, 12:00 pm
NO EMAIL and limited FAX capabilities. Please call the respective areas with communications. CCH’s main phone line is 307.688.1000 and is able to transfer calls.
CCH has been assured by local, state and federal experts (FBI, Homeland Security, Cyber Security experts) that there is no evidence that any patient or employee information has been compromised. Out of respect for the ongoing criminal investigation we are not able to provide details. Our primary goal is to provide outstanding care to our patients and restore our system as quickly as possible.

Pharmacies can fax orders to a secure fax line - 688.5074, please include a cover sheet with a specific department name.

Lab is seeing limited outpatient case at this time including necessary routine bloodwork. There is not any walk-in wellness bloodwork. Please contact your medical provider regarding your bloodwork needs

Radiology is not open for outpatients. They are providing limited services for Emergency Department , PROS and Walk-In Clinic only.
As of Sunday, September 29, the following services are open and are taking patients during normal business hours. It is advised to call to confirm your appointment prior to going in. All patients are also asked to bring medication bottles with them to their appointment.

Obviously this has created a *serious* disruption for the hospital, but more importantly for the patients they serve.  While the criminals look upon these situations as “profit centers” they fail to see (or simply do not care) that their actions are affecting real people and their care.  These types of criminal acts may very well cause deaths.  If that is the case, I feel the perpetrators should be charged with murder.  This isn’t only about lost revenue for the facility or data security, although both of those things are certainly affected.  This is about the well being of patients.  This cat and mouse game will continue until the perpetrators do not see a positive aspect to this.

Statistics are indicating that in 2019 Ransomware attacks have doubled in frequency over 2018.  That is according to a recent report released by the McAfee antivirus company.

According to the McAfee report, not only has Ransomware increased 118% in 2019, but the *methods* of attack are changing and becoming more sophisticated:

McAfee researchers observed cybercriminals are still using spear-phishing tactics, but an increasing number of attacks are gaining access to a company that has open and exposed remote access points, such as RDP and virtual network computing (VNC). RDP credentials can be brute-forced, obtained from password leaks, or simply bought in underground markets. Where past ransomware criminals would set up a command and control environment for the ransomware and decryption keys, most criminals now approach victims with ransom notes that include an anonymous email service address, allowing bad actors to remain better hidden.

If you are a doctor or healthcare provider in a private practice and you don’t understand that paragraph above, don’t worry.  That’s what IT professionals are for.  However, it also demonstrates that small clinics *need* IT security and that it cannot be provided without the help of experienced professionals.

I know I’ve mentioned this many times in the past, but the best way to combat a Ransomware attack, is to be prepared with a viable backup.  Then you can simply reformat your hard drives and copy the good data back.  However, this only works IF you have a good backup.  That’s why I trust my backups to DDS Rescue.  

I have been using the system pretty much since they came to the market and I put my head on the pillow at night feeling much less stress about how I would survive a Ransomware attack.

No comments:

Post a Comment