According to Great Plains Health officials, around 7 p.m. Monday, ransomware was detected in the Great Plains Health computer network.
The hospital's information systems team immediately identified the issue and worked through the night to minimize the impact to local health services.
"We are confident that patient information was not breached in any way," said Mel McNea, Great Plains Health CEO. "We will, however, do a full audit to further investigate."
Many non-emergency procedures have been cancelled as a result.
Interestingly, the hospital is saying that patient records were not breached, but there has been some debate in the IT community about ransomware and whether it constitutes a breach. Quite often, it is thought of as malware that merely encrypts files, but it is not always easy to know whether it is also sending data outside the network.
Future forensics investigations will no doubt reveal more details.
Yesterday we reported that Livingston, New Jersey schools were hit with ransomware, and a few weeks back we reported that a company is being held hostage with a $5M ransom they are supposed to pay by the end of this month.
Sadly, healthcare is a huge target for hackers.
Methodist hospitals were hacked in October, losing 68,000 records. Also in October, ten U.S. and Australian hospitals were hit with ransomware – all at once. A nightmare when you consider this could easily be a dry run for a larger attack in the future.
This past February, UCONN Health was hacked and 326,000 patients were impacted.
How do you stay secure or at least drastically reduce the risk? Follow these three steps to start:
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great. This is needed to train workers: the vendor tests them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.