Campbell County Health

Campbell County Health (CCH) is a healthcare organization based in the United States, providing a broad range of medical services to the community of Campbell County, Wyoming. The organization operates a hospital that includes an emergency department, offering acute care for urgent medical needs. Beyond emergency services, CCH delivers behavioral health programs, home health care, hospice services, and rehabilitation therapies. It also runs a walk-in clinic for non-emergency consultations and works closely with emergency medical services to ensure timely patient transport. These services collectively address the comprehensive health needs of the county's residents. With its main facilities in Gillette, CCH serves as a primary healthcare provider for the region.

As a major employer in the area, CCH supports a substantial workforce, a fact underscored by a 2017 data breach that compromised the personal information of approximately 1,400 employees. The breach involved Social Security numbers and W-2 tax forms, highlighting the volume of sensitive employee data the organization handles. The range of clinical services—from inpatient acute care to outpatient rehabilitation—reflects a broad scope of operations typical of a community health system. During the 2019 ransomware attack, the need for regional patient transfers indicated that some specialized treatments are coordinated with external facilities. This interdependence with neighboring providers reinforces CCH's role as a hub within the local healthcare network. The organization's ability to maintain critical services during cyber disruptions demonstrates a commitment to patient care even under adverse conditions.

In September 2019, CCH experienced a sophisticated ransomware attack that caused extensive computer system disruptions and service outages across its facilities. The emergency department immediately implemented triage protocols, and while many services were temporarily unavailable, critical care units—including behavioral health, home health, hospice, and rehabilitation—continued to operate safely. Regional coordination enabled the transfer of patients requiring higher levels of care, and emergency medical services increased ambulance availability to support the surge. The walk-in clinic remained open but operated under reduced hours, ensuring some access to non-emergency care. Notably, investigators found no evidence that patient data was compromised during the incident. Earlier, in January 2017, a phishing scam targeted CCH, with an attacker impersonating a hospital executive to deceive employees. This social engineering tactic resulted in the unauthorized acquisition of sensitive employee data, specifically the Social Security numbers and W-2 tax information of about 1,400 staff members. The breach exposed personal and financial details. Together, these incidents illustrate the persistent cybersecurity challenges confronting healthcare providers and the need for vigilant protective measures. They also reveal CCH's experience in navigating such threats while striving to preserve patient safety and organizational continuity.