After falling victim to a ransom attack Saturday night, Hancock Health Hospital in Greenfield Indiana paid hackers $55,000 in bitcoin to unlock their network.
A third-party vendor's administrative account was compromised using the remote-access portal which launched SamSam ransomware. Once the virus was in place it infected a large amount of the hospitals IT systems and 1,400 files. The hackers changed the name of the files to "I'm sorry".
Following their incident response plan, Hancock contacted legal representation and the FBI immediately following the discovery of the ransom attack. The attack was contained by Friday and the hospital was focused on recovering patient files.
Hancock was faced with the decision of recovering their data from back-up systems or paying the ransom within 7 days. After weighing their options, Hancock paid the ransom instead of spending more time and money on recovering the files.
"We were in a very precarious situation at the time of the attack" states Steve Long, Hancock Health's CEO. "With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations."
The files were released Saturday once the bitcoins were received. The hospital was back up and running normally on Monday.
Patient data was not found to be transferred outside of the hospitals network, and the FBI confirmed that the motivation was for ransom payment, and not to harvest patient data.
After evaluation, it was evident that the ransom attack did not impact any of the equipment used to treat patients. However, the patient portal was down during the attack. Once everything was recovered, employees were required to reset their passwords and a new feature was installed to detect similar attacks for the future.
As we and many other organizations have stressed, ransomware is a big deal. Majority of companies and small businesses wouldn't of been able to pay the ransom or handle the downtime. Hackers returned patients files to Hancock and didn't release patient data to the public. This isn't always the case, each ransom is different and comes with individual risks.
We can't stress enough the importance of backing up your business files and having an incident plan in place. Ransomware can strike at any time and can leave your business with unmanageable downtime or worse, in the dark. Contact us today to start the protection process.
