A cyberattack Nov. 25 created numerous problems for Great Plains Health, but Chief Information Officer Brandon Kelliher said the hospital is back to functioning near normal.
The ransomware attack did not permanently damage any of the hospital’s approximately 360 servers and the hospital is now more than 80% recovered.
Kelliher said there is something to learn from this event that expands beyond the hospital itself.
“One of the things that the bad guys usually do is they attack some major institutions in specific areas, then shortly after that they start a program of robocalls and things like that,” Kelliher said. “They actually ‘subcontract’ that to another set of bad guys, and the idea is to create hysteria in the area so that people will get worried and start paying the ransoms.”
Kelliher said the robocallers will use the chaos to take advantage of people.
“They’ll say things like, ‘Hey, your hospital data has been breached, so you need to make sure you do this and this, so give us your password so we can change your passwords for you,’” Kelliher said. “We had a couple of people call the hospital and say, ‘I’ve been getting these calls about changing my insurance and they say they’re from Great Plains Health.’
“No one from Great Plains Health would do that,” he emphasized and said folks in the North Platte area should be particularly careful about people calling and requesting personal data for the next several months.
As for GPH, Kelliher said the attack affected about 80% of its server farm.
“Since that night, we have been rebuilding the servers,” Kelliher said. “We started with the things that are important for caring for patients first. Those are in approximately the first 40% of the systems/servers.”
The hospital had to rebuild about 290 of its 360 servers.
“We had the primary clinical systems back online in less than two weeks,” Kelliher said. “We only had to operate on paper for about 4½ days.”
He said the hospital already had a recovery plan in place and did not suffer significantly through the breach. Other entities have not been as fortunate.
According to an AP story from Sept. 21, 2019, Campbell County Health in Gillette, Wyoming, suffered a cyberattack that forced the hospital to cancel some surgeries, stop admitting patients and transfer some patients to other facilities.
Kelliher said the city of New Orleans also suffered a ransomware attack that created numerous issues for its residents.
“We’ve been able to restore from backup and various other methods the lion’s share of our data,” Kelliher said “No patient data has been lost, and we don’t have any reason to believe any was compromised in the attack.”
Kelliher said disasters bring people together.
“The IT team at Great Plains Health did a fantastic job of pulling together in order to make the recovery happen as quickly as possible,” Kelliher said. “The other important piece to that thought process is that not only did the IT team come together, but the entire organization came together to make sure that the patients were cared for properly.”
He said hospital personnel worked diligently to restore its servers.
“We had people in here for 36 hours straight when it first started to make sure that we got to a certain point where we could hand off to some other people,” Kelliher said. “We worked that way for about six days straight, to get things back to a functional level as quickly as possible. Recovery just takes hard work.”