Hancock Health pays $55k ransom, no patient data exposed

Greenfield, Ind.-based Hancock Health paid hackers a $55,000 ransom after files on part of its network were locked Thursday, a hospital spokeswoman confirmed to Becker's Hospital Review. 

An unknown criminal group launched the ransomware attack against Hancock's information systems at about 9:30 p.m., Jan. 11. Hospital leadership enlisted its legal representation at Hall-Render and a cybersecurity firm Pondurance to begin an investigation into the incident, which determined an administrative account setup by one of the hospital's vendors had been compromised. Hackers used that information to gain unauthorized access to a system managed by the vendor — which the hospital did not name — and infected its systems with a ransomware variant known as SamSam.

By Jan. 12, the team contained the incident and worked to recover its files. Hospital officials opted to pay attackers the requested ransom of 4 bitcoins, which at the time equated to $55,000, to obtain the necessary private keys. The hospital was back online with its critical systems restored to normal production levels by Jan. 15. 

According to the investigation, patient data was not transferred outside of the hospital's network. The FBI confirmed hackers' typical motivation behind SamSam ransomware attacks is monetary and not for harvesting patient data.

"We were in a very precarious situation at the time of the attack.  With the ice and snow storm at hand, coupled with the one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations," Hancock President and CEO Steve Long said.

More articles on cybersecurity:

5 things a CMIO should be thinking about with University Health System's CMIO Dr. Maulik Purohit

Health IT movers and shakers: 20 latest leadership changes affecting health IT

13 most interesting health IT partnerships this week

© Copyright ASC COMMUNICATIONS 2018. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months