Hancock Health pays $55k ransom, no patient data exposed

Rodiano Bonacci
January 17, 2018

A U.S. hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records. Hospital officials opted to pay attackers the requested ransom of 4 bitcoins, which at the time equated to $55,000, to obtain the necessary private keys.

A statement issued by the hospital read: "Hancock Regional Hospital has been the victim of a criminal act by an unknown party that attempted to shut down our operations via our information systems by locking our computer network and demanding payment for a digital key to unlock it". Hackers used that information to gain unauthorized access to a system managed by the vendor, which the hospital did not name, and infected its systems with a ransomware variant known as SamSam. In most cases, ransomware infections prove hard to combat, and they have become increasingly common. The hackers typically scan the internet for computers with open RDP connections. "Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations", said Hancock Health CEO Steve Long.

The hospital tried to bypass the hack, but several factors interfered, forcing it to pay the ransom. While officials said Hancock could have recovered the affected files from backups, it would have taken days or possibly weeks to do so.

"With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients", said Long.

The ransom was paid Friday night with help from the hospital's attorneys and an Indiana-based security company.

"The life-sustaining and support systems of the hospital remained unaffected during the ordeal, and patient safety was never at risk", the healthcare provider argued. As of Monday this week, the hospital said critical systems were up and running and normal services had been resumed.

The forensic analysis found that patient data was not transferred outside of the hospital's network, and the Federal Bureau of Investigation confirmed that the motivation of the SamSam hackers is ransom payment, not harvesting patient data.
