GILLETTE (WNE) — Sept. 20, 2019, began as a normal day at Campbell County Health. CEO Andy Fitzgerald was not in the office, but Chief Operating Officer Colleen Heeter was overseeing operations at Campbell County Memorial Hospital and the organization’s other facilities.
The day started off as usual until an information technology employee approached Heeter.
“There’s something really wrong with our system,” she recalls being told.
“OK,” Heeter said. “What’s down? The phone, the computers?”
“They said, ‘No, there’s something deeply wrong,’” Heeter said.
The tech went back to work on the problem, then a few minutes later told her, “We are under a ransomware attack. We are turning everything down.”
That meant a technology blackout that included more than 1,500 servers and computers at the hospital and the Legacy Living and Rehabilitation Center.
“That’s pretty significant to turn everything down,” Heeter said while recounting the ransomware attack to Chamber of Commerce members at Tuesday’s monthly luncheon.
An incident command post was immediately created and the fight to restore operations began.
Hospital leadership’s first phone call was to its cyber insurance company to inform it of what happened. They then contacted Gov. Mark Gordon’s office and several state and national agencies about the attack, including the Department of Homeland Security and the FBI, then the Wyoming Department of Health to see what could be done with patients.
“We could do an X-ray and read it in the box, but we could not pull up our images, so it was pretty significant,” Heeter said about the attack’s impact.
The hospital was still able to provide services, but not take in emergency medical transports to the emergency room.
Staff reached out to hospitals across Wyoming and in Rapid City, South Dakota, to see which could take patients with the most critical needs.
“Patient care was the utmost concern of ours from Day One,” she said.
Everyone later congregated to try and figure out how to keep everything running as best they could.
“How do we communicate this?” Heeter asked. “What do we tell our community and patients?”
Over the next couple of weeks, hospital staff worked around the clock to overcome the ransomware attack, even if it meant sleeping in hospital beds, she said. As each day passed, the hospital was slowly restored its systems.
Heeter said no patient health information was compromised, but she would not release financial numbers about the attack such as how much the hospital was being ransomed for. She did, however, offer Chamber of Commerce members some advice to help them avoid a similar experience.
Ransomware is a malicious type of software that is, in effect, a computer virus with a specific purpose. In the case of CCH, once it infiltrated a computer or server, it launched a program that encrypted all the information on the device, and eventually the entire network it’s part of. It is designed to block access to a system until a requested amount is paid.
“What would it take if you didn’t have your computer, your contacts and everything?” Heeter asked. “It’s pretty significant.
“You should always have backup. Even if you have backup, you have to check and see they didn’t attack the backup.”
She also suggested to be vigilant about phishing emails.
Phishing is a cybercrime where a target is contacted by email or telephone by someone posing as a someone else to lure the potential victim to release personal information like a Social Security number.
“You have to be mindful,” Heeter said. “If you don’t have a tagline now above your system that says, ‘This is from an outside email,’ that alone is something I would suggest and most IT people would suggest.”
Opening up a phishing email also allowed the hacker to gain remote computer access, which potentially also could have led to access to important documents like patients’ health information.
As a result of the ransomware attack, the hospital is taking measures to make sure it doesn’t happen again.
For example, Campbell County Health changed its antivirus software and server system. It is working to install a virtual desktop infrastructure to allow staff to access information safely at a remote location.
Despite any protocols a business employs, if there’s something strange in an email folder, always call your IT department or contractor, Heeter said.
“Education is key,” Heeter said. “I think putting the big red ‘this is coming outside of CCH’ on your computer is important too, but it’s just about educating. When in doubt do not click on anything, just call IT.
“The (staff) are a little paranoid (now), but it’s probably good to be paranoid for a long time.”
Gillette City Councilman Bruce Brown, an accountant, said Heeter’s presentation made him think about the security on his work computers.
It is time to “wake up,” he said about looking into improving his antivirus protection.