[BreachExchange] Wyoming health system COO shares story of ransomware attack

Destry Winant destry at riskbasedsecurity.com
Wed Feb 19 10:13:05 EST 2020


https://www.beckershospitalreview.com/cybersecurity/wyoming-health-system-coo-shares-story-of-ransomware-attack.html

After experiencing a ransomware attack in September 2019, Campbell
County Health COO Colleen Heeter stresses the importance of backups,
according to the Laramie Boomerang.

At the Campbell County (Wyo.) Chamber of Commerce monthly luncheon on
Feb. 11, Ms. Heeter detailed the ransomware attack on the Gillette,
Wyo.-based health system, which affected more than 1,500 servers and
computers. She said hospital leaders and staff worked around the clock
for weeks to ensure patients were taken care of.

On the day of the attack, Campbell County Health CEO Andy Fitzgerald
was not in the office when an IT employee approached Ms. Heeter, who
was overseeing operations at the time, stressing that something was
"deeply wrong." Within a few minutes, the employee determined that the
hospital was under a ransomware attack and told Ms. Heeter that they
needed to shut down computer systems.

The first call Ms. Heeter made was to Campbell County Health's cyber
insurance company. Campbell County Health then contacted Gov. Mark
Gordon and other state agencies.

Although clinicians were able to treat patients and take X-rays, they
couldn't pull images or medical records. Instead, Campbell County
Health reached out to nearby hospitals to see if they could take in
critical patients, said Ms. Heeter.

Clinicians were able to treat patients who had scheduled appointments.
Ms. Heeter also confirmed that there is no evidence that patients'
health information was compromised. It's unclear how much the
attackers demanded in the ransomware attack.

When looking back on the incident, Ms. Heeter reminds executives to be
vigilant about phishing emails and to always have backups.

"You should always have backup," she said, according to the Laramie
Boomerang. "Even if you have backup, you have to check and see [that]
they didn't attack the backup."

