Hancock Regional Pays Bitcoin Ransom After Computer System Hacked

The ransomware attack affected the Indiana hospital's email system, electronic health records and internal operating systems.
Published: January 16, 2018

The computer system at an Indiana hospital was hacked and held for ransom on Thursday night, forcing the hospital to pay in order to regain control.

Rob Matt, the chief strategy officer at Hancock Regional Hospital, says the hackers requested four bitcoins, which amounts to roughly $55,000. The hack affected the hospital’s email system, electronic health records and internal operating systems.

“Hancock Regional Hospital has been the victim of a criminal act by an unknown party that attempted to shut down our operations via our information systems by locking our computer network and demanding payment for a digital key to unlock it,” read a statement from the hospital.

Attackers deployed the SamSam ransomware, which infected more than 1,400 files before hospital security managed to contain it, according to RTV6. The ransomware encrypted the files and renamed them “I’m sorry”.

SamSam ransomware originally appeared two years ago and was used in targeted attacks. The hackers typically scan the internet for computers with open RDP connections.

Steve Long, Hancock Regional CEO, says the ransomware attack happened at around 10 p.m. on Thursday. Hospital employees immediately noticed and IT staff took down the entire network.

The hospital was lined with posters asking employees to shut down any computer until the incident was resolved, reports Bleeping Computer.

The hospital tried to bypass the hack, but several factors interfered, forcing it to pay the ransom.

“With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients,” said Long. “Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”

Hospital management says restoring from backups would have taken days, maybe even weeks, to have all systems up and running.

The ransom was paid Friday night with help from the hospital’s attorneys and an Indiana-based security company. On Monday, access was restored and the hospital resumed full operation.

Matt says hospital staff had been adequately trained and were able to continue to provide patient care without electronic system access. Pen and paper were used to update medical records.

Hospital officials stress that no patient information was compromised.
