Indiana Hospital Pays $55,000 to Get Rid of Ransomware
Reports say that an Indiana hospital paid ransomware criminals $55,000 to get rid of the ransomware that had infected its network last week.
Hancock Health, a regional hospital in the city of Greenfield, Indiana, was attacked with ransomware that ultimately hindered the hospital’s operations. The hospital authorities and the IT staff did what was needed to contain the spread of the ransomware and then decided to pay the ransom.
The Greenfield Daily Reporter reports: “Hancock Health paid a $55,000 ransom to hackers to regain access to its computer systems, hospital officials said.”
The report, dated January 15, further says: “Part of the health network had been held hostage since late Thursday, when ransomware locked files including patient medical records. The hackers targeted more than 1,400 files, the names of every one temporarily changed to ‘I’m sorry.’ They gave the hospital seven days to pay or the files would be permanently encrypted, officials said.”
According to reports, the attackers breached the hospital network on Thursday, January 11, and deployed the SamSam ransomware, which encrypted the files on the hospital’s systems and renamed them all “I’m sorry”. The IT staff went into action, taking down the entire network and asking employees to shut down all systems. Some reports add that although all systems were shut down and operations were affected, the medical and management staff continued to work with pen and paper, and patients continued to receive care on the hospital’s premises.
It has been reported that the hackers did not steal any personal information of patients from the hospital network, and the hospital had backups of all the data. Still, the authorities decided to give in to the hackers’ demands: the hackers had given the hospital seven days to pay the ransom, failing which the files would be permanently encrypted. The ransom of 4 Bitcoin, worth around $55,000 at the time of the transfer, was paid.
The media has quoted hospital authorities as saying that although there were backups of all files, they chose to pay the ransom because restoring the data from the backups could take days or maybe weeks and would also be costly. The Greenfield Daily Reporter states that, according to Hancock Health CEO Steve Long, “From a business standpoint, paying a small ransom made more sense…”.
A brief release by Hancock Health states: “At approximately 9:30 PM on Thursday, January 11, 2018, an attack on the information systems of Hancock Health was initiated by an as-yet unidentified criminal group. The attack used ransomware, a kind of computer malware that locks up computers until a ransom is paid, usually in the form of Bitcoin. Through the effective teamwork of the Hancock technology team, an expert technology consulting group, and our clinical team, Hancock was able to recover the use of its computers, and at this time, there is no evidence that any patient information was adversely affected. Hancock is continuing to work with national law enforcement to learn more about the incident. We plan to provide additional information to our community regarding this act soon.”
The hackers, on being paid the ransom, immediately released the files, and within a couple of days the hospital’s systems were up and running.
It’s reported that the attackers gained access to the hospital systems through the hospital’s remote-access portal, logging in with an outside vendor’s username and password.
Julia Sowells