Indiana-based Hancock Health experienced a ransomware attack on January 11, 2018, according to a statement posted on the organization’s website. Hancock recovered use of its computers, and patient information was not adversely affected.
Hospital officials told the Greenfield Daily Reporter that Hancock paid $55,000 to recover approximately 1,400 patient files that had been encrypted. File names were also reportedly changed to “I’m sorry,” and Hancock was told it had seven days to pay the ransom.
Hancock Health CEO Steve Long told the news source that no patient information was taken and that the affected files were backed up and could have been recovered. However, that process would have taken days or even weeks, and would have been expensive.
He added that there will likely continue to be glitches in the computer systems that will need to be addressed in the following days and weeks. But the Hancock computer systems were running again on January 15.
“We’re in the clear in terms of the intrusion,” Long said. “Now, we’re in recovery mode.”
Hackers gained access to Hancock systems by using the hospital’s remote-access portal. The cyber criminals logged in with an outside vendor’s username and password.
Equipment that is used to diagnose and treat patients was not affected in the ransomware attack, Long stated. The patient portal was down, though, which could have caused some issues for patients, he said.
Hancock Health Senior Vice President and Chief Strategy and Innovation Officer Rob Matt told the news source that doctors and nurses used pen and paper to keep track of patient records during the downtime.
In the wake of the ransomware attack, Long explained that employees have been asked to reset their passwords. Software that detects patterns that could indicate a similar attack was also implemented.
“Do I think it can happen again? Sure I do,” Long said. “It can happen to anyone.”
It is often strongly recommended that organizations, healthcare included, do not pay a requested ransom.
FBI Cyber Division Assistant Director James Trainor explained in a 2016 blog post that paying a ransom does not guarantee that a computer network or system would be made accessible again.
“Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity,” Trainor said. “And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
Even so, a 2017 study from Infoblox found that 26 percent of UK and US healthcare IT professionals said that their organization would pay a ransom demand. Twenty-three percent of respondents also stated that they are not confident in their organization’s ability to respond to a cyberattack.
“The widespread disruption experienced by the NHS during the WannaCry outbreak demonstrated the severe impact to health services that can be caused by a cyberattack,” Infoblox Western Europe Director Rob Bolton said in a statement. “It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organization and respond to active threats to ensure the security and safety of patients and their data.”
Healthcare organizations are investing more heavily in cybersecurity options, the study showed. Eighty-five percent of respondents said they are spending more on cybersecurity, while 12 percent said their cybersecurity spending increased by over 50 percent.
Anti-virus software was the top cybersecurity investment (60 percent), with 50 percent saying that firewalls were the main cybersecurity investment.
“Across the UK and US, healthcare IT professionals are facing growing challenges in securing their networks and devices, with our research highlighting diverse issues ranging from vulnerabilities in medical devices to outdated operating systems and unenforceable security policies,” report authors said. “However, cybersecurity investment is increasing across the board, providing the opportunity for great improvement if deployed effectively.”