Ransomware Attack Affects Long-Term Care Facility

CAST | October 16, 2019 | by Donna Childress

A Wyoming health system is feeling the effects three weeks after the attack; assess and protect your organization with CAST cybersecurity resources and LeadingAge Annual Meeting session.

A ransomware attack has disrupted services at 1,500 computers at a Wyoming health system, including those at a long-term care facility. Campbell County Health in Gillette, WY, is using paper charts instead of health records, says a recent article in McKnight’s Senior Living. This attack comes after a recent data breach reported in Tech Time that affected more than 60 senior living providers.
The Legacy Living and Rehabilitation Center, part of Campbell County Health in Gillette, WY, offers both long term care and short-term rehabilitation and a secure memory care wing. The health system includes a hospital, medical group with nearly 20 clinics, and a surgery center.
Full functionality was not restored quickly after the attack, which happened on Sept. 20, 2019. Said an update on Oct. 4: “Over the past few weeks, our patience and determination has been challenged. Technology improves all of our lives, but the dramatic increase in cyber crimes reminds us that technology can also come at a cost.”
As of Oct. 7, clinics and care areas were calling patients who needed to reschedule. Respiratory Therapy continued to not accept outpatients and the Sleep Center remained closed. As of Oct. 11, the center’s website still featured a notice that Campbell County Health was working hard to restore its computer systems and resume normal operations.
The health system reportedly transferred some patients who needed a higher level of care. County commissioners issued a disaster declaration, a move intended to prevent Medicare penalties for the system using outside services that might be deemed a lower level of care, said the McKnight’s article.
At a press conference, Tim Walsh, a supervisor in Wyoming’s Department of Enterprise Technology, reportedly said, “Ransomware attacks have doubled in 2019 … so it’s a problem that is bigger than Wyoming.” Phishing emails and infected websites are the most common ways to receive ransomware.

CAST Sessions on Mitigating Cyberthreats

At the LeadingAge Annual Meeting & EXPO, coming up Oct. 27-30 in San Diego, CA, a session will focus on avoiding cyberattacks. Session 17-H, Cyber Threats and Compliance Challenges: Managing Technology Risk, will identify the principal cybersecurity threats facing aging services organizations. It will assess compliance risks related to common technologies and equipment, with particular focus on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.
Speakers are Jennifer Griveas, Chief Human Resources Officer & General Counsel, and Michael Gray, Director of Information Technology, both from Eliza Jennings.
They will review the most common forms of external cyberattacks, including ransomware, viruses, malware, and hacking. Then they will discuss security challenges associated with electronic medical record systems, mobile device usage, and email and texting security.
Come to this session and take home best practices for managing cyber threats, minimizing risk, integrating technology professionals into organizational management structures, and implementing recommended compliance work plan initiatives related to technology. This valuable session takes place on Wednesday, Oct. 30, 2019, from 11:30 a.m. to 1 p.m. Explore the full list of sessions, then register today for the annual meeting.

CAST Cybersecurity Resources

As attacks on aging services organizations are happening more frequently, please review and use CAST's Cybersecurity Resources. They will help you to understand and mitigate cybersecurity threats and protect your organization. They also guide you on how to respond if your organization is attacked.
The resources include a Cybersecurity White Paper, Case Studies, and a Self-benchmarking Questionnaire. Use them to identify where your organization may be at risk so that you can strengthen your protection.
If your organization uses voice-controlled devices, please review CAST’s article “Opportunities, and Risks, with New Smart Voice Technology in Senior Living” for guidance on related privacy and security concerns.