In case we needed another reminder of how terribly things can go wrong when we place too much trust in technology, an attack on the computers of a healthcare system in Wyoming forced a hospital to transfer patients and cancel surgeries.
The problem was caused by a ransomware attack that took control of the computers at the Campbell County Memorial Hospital in Gillette. Although the emergency room remained operational, many services became unavailable at the facility, which hosts clinics, a surgery center, and a long-term care center in addition to the 90-bed hospital.
For example, elective surgeries were canceled, and others were being considered on a case-by-case basis. The outpatient lab was shut down, inpatient admissions were brought to a halt, and services like imaging, respiratory therapy, record-keeping and pharmacology were all affected.
The hospital said that its walk-in clinic and emergency services would remain open, but ambulances and flight crews were on hand to transport patients if needed.
Although officials say they haven’t found evidence that patient data was misused, it’s possible that the hackers gained access to sensitive data pertaining to patients and/or employees. The ordeal caused Campbell County commissioners to declare a local disaster in the area, which is home to around 46,000 people and the heart of the state’s oil and coal industry. The declaration will protect the hospital from losing federal funding due to diverting patients to inferior facilities.
The hospital is keeping 1,500 computers and servers offline to help contain the attack. The computers are being treated as a crime scene as investigators work to determine who was behind the attack. FBI investigators and officials from the Wyoming Department of Homeland Security are on the scene.
Emergency Management Coordinator David King said: “They have unplugged every computer in the hospital. Physically unplugged them from the wall.”
A message on the hospital’s website advises patients to call to confirm their appointments prior to showing up; those whose appointments haven’t been canceled are being told to bring their medication bottles with them. In the latest update, which was posted yesterday, they advised people to call because they have no email and limited faxing capabilities.
Their site also warned that some people in the area had been receiving phone calls from opportunists claiming to be hospital representatives seeking personal information on the pretense of restoring their patient portal. They advised people not to share information with these callers.
Officials haven’t said how many patients have been transferred so far, and they don’t know when the issue will be resolved. Because the attack is still under investigation, hospital officials won’t discuss the hackers’ demands or specify whether those demands were being met.
Ransomware attacks on healthcare computer systems on the rise
A similar attack was seen at Hollywood Presbyterian Medical Center in California in 2016, when staff were forced to work without email access and electronic health records for more than a week before the hospital paid hackers $17,000 to unlock its data. Two Iranian men were later found to be responsible for the attack.
In another incident, N.E.O. Urology Associates in Ohio paid a $75,000 ransom in bitcoin to unlock its computer system. Other organizations hit by such attacks decided not to pay hackers for restored access.
These problems are on the rise, and they will only continue to increase as we trust computers with more and more vital information. Thankfully, other hospitals are available to pick up some of the slack in this incident, but what would happen if all the hospital systems in the country or even just one state or county were attacked at once?
Sources for this article include:
Please contact us for more information.