Great Plains Health Ransomware Attack Prevents Access to Patient Medical Records

Share this article on:

North Platte, NE-based Great Plains Health has experienced a ransomware attack that has resulted in the encryption of patient medical records.

The attack was detected at around 7pm on Tuesday, November 26. Prompt action was taken to minimize the impact on patients, and staff switched to pen and paper while computer systems were offline. IT staff have been working round the clock dealing with the attack.

With access to medical records prevented, the decision was taken to cancel non-emergency patient appointments and some medical procedures, although surgeries and certain imaging procedures are continuing to be provided as normal. The hospital has not switched to emergency operations and is not diverting patients.

The attack also impacted its phone and email system, although voicemail is unaffected. Staff have been checking voicemail messages regularly and have been calling patients back who have not been able to get through on the telephone.

It is currently unclear whether the ransom demand was paid or if medical records and other encrypted files are being restored from backups. Officials are currently unsure how long it will take to recover from the attack but suggest it could take weeks or even longer.

While patient information was encrypted, Great Plains Health does not believe that any patient information has been viewed or stolen by the attackers. The sole purpose of the attack appears to have been to extort money from Great Plains Health. A full audit of its systems will be conducted to determine whether patient information has been accessed or stolen.

Atria Senior Living Experiences Phishing Attack

The Louisville, Kentucky-based retirement and assisted living company, Atria Senior Living, has announced that an unauthorized individual has gained access to the email accounts of some of its employees and potentially accessed the protected health information of certain clients.

Assisted by a cybersecurity firm, Atria Senior living determined that several employee email accounts had been compromised and were accessed by an unauthorized individual on various occasions between September 18 and September 20, 2019.

A review of all affected email accounts was conducted to determine the types of information that had potentially been compromised and which clients had been affected. It was not possible to tell whether emails or attachments had been opened or copied.

Since unauthorized data access could not be ruled out, affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months.

Atria Senior Living has now implemented additional security measures and safeguards to prevent further email security breaches. It is currently unclear how many individuals have been affected by the email security breach.

Author: HIPAA Journal

Share This Post On