Local Ransomware Attack Still Under Investigation

Campbell County Health Receptionist sits at computer in hospital

Campbell County Health (CCH) is not commenting on the recent ransomware attack Sept. 20 that shut down computer systems at CCH facilities for several days, crippling key functions and services and forcing the 90-bed facility to transfer patients to surrounding hospitals in Wyoming and South Dakota.

The attack remains under review by the Federal Bureau of Investigation, according to CCH Community Relations Director Karen Clarke, who also said that the hospital will not be granting any additional interviews on the topic.

No patient records or personal information was comprised during the attack, Campbell County Emergency Coordinator David King said, and to his knowledge, the hospital did not pay a ransom to have the records unlocked.

“The hospital said early on that no data left their system,” King said. “By shutting down their computers immediately and completely disconnecting, they were able to limit the damage and exposure.”

Hospital staff and the IT department responded incredibly well, King added, which isn’t always the case. King referenced a ransomware attack around the same time at another Wyoming facility, which he was not at liberty to name, in which their computer systems were entirely decimated by the assault.

-- Advertisement – Story Continues Below --

“It completely destroyed their system,” he said. “We were much luckier.”

King was not sure what type of software the hospital was using or how the virus was able to infiltrate their system.

Statistically speaking, most ransomware attacks begin with an email. According to Laura Baker of the non-profit CyberWyoming, who had no comment on the details in the CCH case, 91% of malware and bugs enter through email. Increasingly, she said, individuals and organizations are at a greater risk for a cyberattack than ever before, with ransomware attacks nearly doubling in 2019.

“You can do absolutely everything right, and they might still be able to come in,” Baker said. “Email is vulnerable because it has to be open, because we need to communicate, and all they need to do is get somebody to click.”

Equally important to protecting against vulnerabilities in the infrastructure, she said, is educating users as a second line of defense. Elderly people, in particular, are at risk for cyber crimes as are extroverts with poor impulsivity control, according to Dr. Erik J. Huffman of SecureSet Cybersecurity Academy in Fort Collins, Colorado. Huffman is one of a  small group of scientiests studying the emerging field of cyber psychology.

-- Advertisement – Story Continues Below --

“We spent years trying to patch the human with technology. It didn’t work,” Huffman stated in a press release announcing his presentation at last month’s Cybersecurity Symposium in Laramie.

In 2017, Huffman and his team surveyed 250 hackers at the DEF CON hacker convention, finding that 73% of those found traditional perimeter security hardware and software to be irrelevant. Instead, they realized that employees posed the greatest vulnerabilities, and therefore, were primary targets for spoofing and other cyber-hacking tactics.

As sophisticated and savvy as the cyber attacks are getting, Baker noted, law enforcement is also upping its game by actually going after the hackers responsible for criminal activities, many of which are based outside the U.S. She pointed to the ransomware attack on the Colorado Department of Transportation in spring of 2018, in which the SamSam malware infected more than 150 servers and 2,000 workstations, paralyzing services for weeks and costing the state more than $1 million to clean up. The two 20-something Iranian males responsible for the attack were ultimately indicted on federal charges in November 2018, charged with allegedly extorting more than $6 million in ransom payments from more than 200 hospitals, businesses, government agencies, schools, and individuals across the country and Canada over a three-year period.

Baker agreed with King that CCH’s response to the ransomware attack was swift, owing in part, she thought, due to their disaster preparedness and training, and the skill of their staff.

“Gillette has some of the most talented IT teams out of any hospitals in the state,” she said, “so that’s really good.”