Campbell County Health in Gillette, Wyoming, is struggling to get its computer systems back online after being hit with a ransomware attack earlier this month.
CCH does not have an estimate of when its systems will be back up, but the ransomware has affected all 1,500 of the organization’s computers, including its email server, according to the Gillette News Record.
Campbell County Memorial Hospital, the organization's 90-bed hospital, began diverting patients from its emergency room on Sept. 20 as a result of the attack. Campbell County Health also canceled many exams and procedures, including outpatient lab, respiratory therapy and radiology exams, new inpatient admissions and some surgeries, according to a notice on the organization's website.
In an updated notice on Sunday, CCH said emergency medical services, the emergency department, maternal child (OB) and its walk-in clinic are open for assessing patients and clinicians will treat or transfer patients as appropriate.
RELATED: California hospital pays hackers $17K after ransomware attack
CCH operates the hospital, Campbell County Medical Group with nearly 20 clinics, a long-term care center and a surgery center and all operations were impacted by the cyberattack, according to CCH officials.
The hospital said there currently is no evidence that any patient data has been accessed or misused. CCH representatives could not be reached for comment and it is not known whether there has been a ransom demand by the hackers.
Ransomware poses an increasing threat to hospitals with other recent attacks including Ottawa Hospital in Canada and Hollywood Presbyterian Medical Center in California. Staff at Hollywood Presbyterian Medical Center worked without electronic health records and email access for more than a week in 2016 after an attack. The hospital reportedly paid $17,000 to unlock its data from hackers.
An Ohio medical practice was allegedly hacked in June and told to pay $75,000 in ransom to unlock its computer system. N.E.O. Urology Associates, which has an office in Boardman, Ohio, agreed to pay the ransom using bitcoin to access its computer system
Other organizations hit with ransomware have opted not to pay the hackers to restore access to their systems.
Patients in Campbell County Memorial Hospital's behavioral health, home health and hospice, maternal child, medical/surgical and rehabilitation center are being "safely cared for" and the hospital is working with regional facilities to transfer patients who need a higher level of care, officials said.
CCH has transferred six patients to other facilities, as of Saturday.
RELATED: Moody's: Cyberattacks could cause significant financial disruption for hospitals
“Our staff’s response and the calmness that exists in this building when such an awful incident is occurring should be noted,” CCH board chairman Dr. Ian Swift said on Friday, according to the Gillette News Record. “I’m very impressed with our leadership, I’m very impressed with the employees and just the response this organization’s made.”
CCH Chief Operating Officer Colleen Heeter said there are seven ambulance drivers ready to transport patients if needed, and there are flight crews available as well, the local newspaper reported.
The residents of Campbell County are safe, and if things do occur, through our ER and other services, we will make sure that they receive the care that they need,” Swift said.
Heeter said CCH might not be the only victim of this ransomware attack, adding that there are potentially two other places in Wyoming that were affected, the Gillette News Record reported.
CCH is talking with its cybersecurity attorneys, as well as various state and federal departments, to figure out what steps to take to resolve the issue.
RELATED: Ohio medical practice hacked, pays $75K in ransom: report
David King, Campbell County Emergency Management Coordinator, said if a hospital diverts patients to a less capable facility, it risks losing some of its federal reimbursement money.
The Gillette News Record also reported that Campbell County Commissioners approved a resolution Friday afternoon declaring a disaster to initiate the process of an 1135 waiver to waive or modify certain Medicare, Medicaid and Children’s Health Insurance Program (CHIP) requirements.