21 Feb 2020
Having a backup plan doesn’t just keep you up to code; it also ensures that you can continue providing the service your clients have come to expect. A few weeks ago, we examined the attack on Premier Family Medical and what they did to ensure they were able to continue operating as usual. Today, we look into a more severe attack, and what to do when things don’t go as planned. Late into September, Campbell County Health in rural Wyoming discovered a ransomware attack that had affected all of its computer systems. It was significantly disrupting the organization’s ability to care for its patients, and the admission of new patients had been halted altogether. Other patients in need of outpatient lab testing, respiratory therapy, and radiology exams or procedures had to be turned away. Instead, the hospital redirected patients to other area hospitals. Emergency services set up a triage and transfer process to transport patients to a different care facility. By the following Sunday, Campbell continued to report service disruptions, but had reopened its emergency medical services, maternal and pediatric ward, and walk-in clinic. During the ransomware attack, the hospital was able to continue treating some previously admitted patients as inpatients, but was forced to transfer those who required an elevated level of care. Campbell’s rural location required it to send a high number of patients to other hospitals in Wyoming, Montana, and South Dakota, including Sheridan Memorial Hospital, roughly 125 miles away.
Communication Is KeyFrom natural disasters to cybersecurity catastrophes, hospitals are always planning for worst-case scenarios. Ransomware, as a more recent threat, highlights the importance of hospitals having a plan for where to send patients during a crisis. Aside from making transfers to hospitals within the same organization, they should also have agreements with nearby organizations in the case of a larger attack. When the attack occurred, Campbell began periodically updating its website to inform patients of the ransomware’s impact, and the extent to which their services are open. This kind of open, honest communication is essential, including between affected hospitals when a more widespread attack strikes the region. Making full use of government resources is also crucial during an attack. The Homeland Security Office in Wyoming has established connections with local, state, and federal officials to respond to Campbell’s crisis, and in the meantime, the hospital is working with a private cybersecurity firm to take back control.
Prepare For the WorstEven when your guard is up, it’s possible for cybercriminals to get the best of your systems. When that happens, you need to be ready to respond with a fast-acting, smooth-moving plan that catches your attackers by surprise. With our Red Team Assessment’s tested virtual assessment process, you can prepare your response to current threats in a highly efficient, low-stakes environment. We try the real-world effectiveness of your security controls against realistic simulations that include:
- Assessment of real-world threat vectors
- Circumvent security systems and controls
- Compromise perimeter/internal systems
- Establish persistent internal connections
- Gain network user account access
- Gain elevated privilege (admin) access
- Identify key systems and databases
- Establish backdoor access to key systems
- Capture sensitive data for validation