Jump to content
Donations Read more... ×
Sign in to follow this  

Hospital Hit With Ransomware Pays Bitcoins

Recommended Posts


Hancock Health fell victim to a cyber attack Thursday, with a hacker demanding Bitcoin to relinquish control of part of the hospital’s computer system.


Employees knew something was wrong Thursday night, when the network began running more slowly than normal, senior vice president/chief strategy and innovation officer Rob Matt said.


A short time later, a message flashed on a hospital computer screen, stating parts of the system would be held hostage until a ransom is paid. The hacker asked for Bitcoin — a virtual currency used to make anonymous transactions that is nearly impossible to trace.


The hospital’s IT team opted to immediately shut down the network to isolate the problem. The attack affected Hancock Health’s entire health network, including its physician offices and wellness centers.


Friday afternoon, Hancock Health CEO Steve Long confirmed the network was targeted by a ransomware attack from an unnamed hacker who “attempted to shut down (Hancock Health’s) operations.”


Hospital leaders don’t believe any personal medical information has been compromised, Long said.


Long declined to disclose details of the attack, including how much ransom has been requested. The attack amounts to a “digital padlock,” restricting personnel access to parts of the health network’s computer systems, he said.


The attack was not the result of an employee opening a malware-infected email, a common tactic used to hack computer systems, he said.


The attack was sophisticated, he said, adding FBI officials are familiar with this method of security breach.


“This was not a 15-year-old kid sitting in his mother’s basement,” Long said.


Protecting patients

Notices posted Friday at entrances to Hancock Regional Hospital alerted visitors to a “system-wide outage” and asked any hospital employee or office using a HRH network to ensure all computers were turned off.


Doctors and nurses have reverted to using pen and paper for now to keep patients’ medical charts updated. Long said he wasn’t aware of any appointments or procedures that were canceled directly related to the incident, adding Friday’s snowy weather contributed to many cancellations.


Most patients likely didn’t notice there was a problem, nor did the attack significantly impact patient care, Long said.


Hospital staff members worked with the FBI and a national IT security company overnight and throughout the day Friday to resolve the issue. Long said law enforcement has been acting in an “advisory capacity,” and declined to release details about the plan going forward, including whether the hospital is considering paying the ransom.


Long commended his staff, especially IT workers, who quickly identified the problem Thursday evening.


“If I was going through this with anybody, this is the team I would want to go through this with because I know what the outcome is going to be,” he said.


Leaders updated hospital employees, totaling about 1,200 people, throughout the day Friday and took steps to be accommodate both patients and staff, including offering free food in the hospital cafeteria all day, Long said.


Long said if there is any suggestion private patient information has been compromised, hospital officials will reach out to those affected, though he doesn’t expect that to become an issue.


“We anticipate questions,” he said. “This is not a small deal.”


A growing problem

Ransomware attacks like the one at Hancock Health are growing more common, according to experts in the field of information technology and cybersecurity.


Some 4,000 ransomware attacks have occurred everyday since 2016, according to a report by the federal Department of Justice — a 300 percent increase from the roughly 1,000 attacks per day in 2015.


Hackers often use phishing techniques — posing as a legitimate company or source the user recognizes — to break into a person’s or company’s computer and take it over, said Von Welch, the director of Indiana University’s Center for Applied Cybersecurity Research in Bloomington.


Rather than stealing private information stored on the computer and using or selling it, hackers who engage in ransomware turn the tables on their victims and refuse to give back control of the device unless someone pays up, Welch said.


It’s “particularly nasty” when hospitals fall victim to a ransomware attack because it can completely cripple the medical facility’s ability to help people, Welch said. Depending on what’s been compromised, hospitals can’t check patients in or gain access to certain essential equipment, he said.


Long said the hospital’s equipment continued to function normally Friday, though he’s troubled someone would target people in need of medical care, when many are at their most vulnerable.


“That somebody would do this to a hospital really boggles the mind,” Long said.


Hacker attacks in Indiana and elsewhere

At least one other Indiana hospital and government unit have fallen victim to similar attacks in recent years.


In November 2016, hackers in Anderson executed a similar cyber-attack on Madison County government servers. Criminals uploaded a computer virus to county officials’ network that restricted officials’ access to confidential files. The hackers then withheld the encryption code – which would allow county officials to retrieve the locked data – for a $200,000 ransom.


Madison County’s insurance carrier recommended officials pay the demands, which they did, regaining access to their system.


Six months earlier, hackers targeted a healthcare facility in Auburn, Indiana, where Dekalb Health’s administrative servers were infected with ransomware.


The threat caused only a minor disruption; the ransom was never paid, and most servers were brought back online shortly after the malware attack, hospital officials said in a news release issued at the time.


Hancock Health had policies in place for such an attack, knowing digital thieves are always on the lookout for a target, Long said.


“Unfortunately,” he said, “we were probably next on the list.”



Share this post

Link to post
Share on other sites

We hear so much about the FBI, NSA & Co monitoring everybody and knowing everything that happens under the Internet sun, yet they don’t do anything about these rascals blackmailing hospitals.


It would seem that such action is low on their priorities compared to spying ordinary citizens.

Share this post

Link to post
Share on other sites
43 minutes ago, Katzenfreund said:

We hear so much about the FBI, NSA & Co monitoring everybody and knowing everything that happens under the Internet sun, yet they don’t do anything about these rascals blackmailing hospitals.


It would seem that such action is low on their priorities compared to spying ordinary citizens.


The important part of your post is the first two words, "we hear."  You don't know what goes on that you don't hear, like the hospital was told not to pay the ransom.  The only reason they paid was that their backup system would have required not hours or days, but a week or better to restore all their systems.  So it was time that caused them to pay.  This was used as an example by security experts as a reason why it is not just good enough to have a backup plan but that the plan needs to be tested because if a system can't be restored quickly enough then the backup is no good.  And FYI, the bitcoins haven't been touched because when they are then the hackers will be caught.  There are a lot of bitcoins sitting idly that are being monitored and haven't been touched in years because the hackers know they can be traced if they try and grab them.  So don't count out the FBI, NSA, or CIA and add to that list Europol and Interpol, which are much more involved than publicly acknowledged.

Share this post

Link to post
Share on other sites


You seem well informed on this case and go into a lot of detail. But it seems to me, you lose the big picture and the essence of the matter.


This is not the first blackmail attack on a hospital, while this criminal act has been going on for a long time, affecting lots of innocent victims. And whom have they caught?

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.