#Privacy: Another healthcare organisation struck by ransomware

A ransomware attack on Great Plains Health (GPHealth) has forced staff to switch to pen and paper to maintain workflow. 

On Monday evening, ransomware was detected in the GPHealth computer network. Almost immediately, the information systems team uncovered the issue and worked through the night to reduce its impact on local health services. 

The following day, GPHealth announced in a statement that it was cancelling many non-emergent patient appointments and procedures. However, surgeries and select imaging procedures will continue as scheduled. 

The hospital is still in full operation and is operating under downtime procedures, using pen and paper for communication between staff and patient forms. 

“We are confident that patient information was not breached in any way,” said Mel McNea, chief executive officer of GPHealth. “We will however, do a full audit to further investigate.”

The hospital is working alongside the FBI and other cybersecurity experts to investigate the incident and solve the issue. 

It remains unknown as to what ransomware strain was used, and whether the ransom was paid to restore the encrypted data. 

Fiona Libsack, chief development officer of GPHealth, told KNOP: “They target geographic areas. And so we would ask the community to be very careful if you’re receiving any suspicious phone calls, to know that if it sounds too good to be true it probably is. 

“And make sure that you are not giving out Social Security numbers or anything like that. If there is suspicious activity on your personal computer or your business computer make sure you’re changing passwords.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/