Hancock Health, Indiana hit with cyber-attack and pays ransom

Indiana-based Hancock Health was hit with a cyber attack on Thursday last week, which prompted the organisation to shut down its entire network. The full-service healthcare provider posted notices at their entrances of a system-wide outage and employees turned off all computers on the network.

There were no appointments or procedures cancelled because of the cyber attack, and their staff reverted to paper.

The hospital’s leadership, upon consideration of many factors, made the determination to pay the ransom of four bitcoin demanded by the attackers, in order to retrieve the private encryption keys.  Hancock Health CEO, Steve Long, made the following statement:

“We were in a very precarious situation at the time of the attack.  With the ice and snow storm at hand, coupled with the one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”

Joseph Carson, Chief Security Scientist from Thycotic commented: “Sometimes a simple click on a harmless looking email could bring critical systems to a standstill and doctors staring at blank screens. 

Hospitals are exposed to ransomware and need to seriously consider the consequences of not prioritising cybersecurity effectively.  Hospital’s face the challenge of deciding whether to upgrade systems to the latest version of the patched software or more doctors and nurses, this is the crucial decision that the leaders must decide. When ransomware hits the hospital, it could mean that the doctors and nurses become restricted to what they can actually do as a result from their access to sensitive information not being available. Hospitals now face the challenge again with recent vulnerabilities like Spectre and Meltdown on whether to patch and expose systems to poor performance or keep the systems operational though exposed to cyber threats.  For Hospitals sometimes keeping doors open means keeping systems running and with ransomware this is the threat exposed.  Last year in the UK many hospitals had to close their doors and again this example shows the threat is now and the threat is real.

Ransomware is a very destructive variant of malicious malware that makes critical systems and sensitive information inaccessible until a ransom is paid.

Ransom is typically demanded in bitcoin with a 72-hour window to pay before the key is deleted and data is irreversibly lost. The impact this can have on an organization is: temporary loss of systems and access to sensitive information; downtime of operations; financial impact or loss, and incalculable reputation damage.  The most recent variants of ransomware have gone into stealth mode. This means they avoid detection by hiding under the radar from traditional Anti-Malware software that scans the hard drive for malicious software.

The destructive nature of Ransomware and the impact it’s had on individuals and organizations globally has prompted the Department of Homeland Security, US-CERT and the FBI to release alerts encouraging organisations to take this threat seriously before it’s too late.”