Posted: September 25, 2019, McKnight’s Senior Living, mcknightsseniorliving.com

A ransomware attack at a Wyoming health system that includes a long-term care facility has affected all 1,500 computers, disrupted service provision and forced the use of paper charts instead of electronic health records. And one official says such incidents are increasing across the country.

The attack at Gillette, WY-based Campbell County Health — which includes The Legacy Living and Rehabilitation Center, with a secure memory care wing, as well as a hospital, medical group with almost 20 clinics, and a surgery center — occurred around 3:30 a.m. Friday, according to system officials.

“Ransomware attacks have doubled in 2019 … so it’s a problem that is bigger than Wyoming,” Tim Walsh, a supervisor in the state Department of Enterprise Technology, said at a Monday press conference.

Ransomware, according to the Department of Homeland Security, “is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.”

Campbell County Health first reported “serious computer issues resulting in service disruptions throughout the organization” at 10:30 a.m. Friday. Officials continued to provide updates on the system’s website.

By Saturday morning, system officials said in an online post that long-term care residents and home health and hospice patients continued to be cared for. “We are working with regional facilities to transfer patients who need a higher level of care,” they said.

By Tuesday, some system services were being provided “on a case-by-case basis” and others still were not being offered. Radiology services are being affected the most, Chief Operating Officer Colleen Heeter had said at the previous day’s press conference.

Campbell County Health is not disclosing the number of people affected by the ransomware attack, she said.

The health system is working with local, state and federal authorities. There is no time estimate for resolution of the cybersecurity issue, Matt Sabus, the system’s IT director, said at the press conference. No indication currently exists that any resident or patient medical data were affected, he added.

County commissioners issued a disaster declaration on Friday as a precaution, to try to prevent the potential imposition of Medicare penalties for the system using outside services that might be deemed a lower level of care, said David King, Campbell County Emergency Agency management coordinator. Use of some electronic equipment has been problematic, he noted.