#Privacy: Another healthcare organisation struck by ransomware

A ransomware attack on Great Plains Health (GPHealth) has forced staff to switch to pen and paper to maintain workflow. 

On Monday evening, ransomware was detected in the GPHealth computer network. Almost immediately, the information systems team uncovered the issue and worked through the night to reduce its impact on local health services. 

The following day, GPHealth announced in a statement that it was cancelling many non-emergent patient appointments and procedures. However, surgeries and select imaging procedures will continue as scheduled. 

The hospital is still in full operation and is operating under downtime procedures, using pen and paper for communication between staff and patient forms. 

“We are confident that patient information was not breached in any way,” said Mel McNea, chief executive officer of GPHealth. “We will however, do a full audit to further investigate.”

The hospital is working alongside the FBI and other cybersecurity experts to investigate the incident and solve the issue. 

It remains unknown as to what ransomware strain was used, and whether the ransom was paid to restore the encrypted data. 

Fiona Libsack, chief development officer of GPHealth, told KNOP: “They target geographic areas. And so we would ask the community to be very careful if you’re receiving any suspicious phone calls, to know that if it sounds too good to be true it probably is. 

“And make sure that you are not giving out Social Security numbers or anything like that. If there is suspicious activity on your personal computer or your business computer make sure you’re changing passwords.”


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.