Hancock Regional Hospital coughs up huge ransom to hackers
Yesterday, it was reported that a ransomware infection infiltrated the systems of Hancock Regional Hospital in Greenfield, IN. The strain, known as SamSam, entered the hospital’s network via an infected vendor and then encrypted the files on it, making them completely inaccessible to hospital staff. In response, and for a number of reasons, leadership at the hospital ultimately decided to pay the ransom, and luckily their files were returned…
This attack couldn’t have come at a worse time for the hospital. While winter storms and freezing temperatures sweep across the Midwest, Hancock Regional and other hospitals are battling a particularly bad flu season. The climate and weather can have a lot to do with the success of malware attacks. When situations are critical, a ransomware infection or computer virus can be devastating. With so many patients relying on care, and conditions outside so severe, management wanted to avoid diverting patients to other hospitals at all costs. To them, it appeared that their “hands were tied” and that paying the ransom was the only way forward… “We were in a very precarious situation at the time of the attack. With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients,” said Steve Long, Hancock Health CEO.
Obviously, the hospital didn’t have the proper measures in place to protect against hackers. These include robust, next-generation antivirus software, routinely performed backups and a clear disaster recovery plan. Had they made these investments to strengthen their security posture, they’d be much better off, considering the ransom was 4 bitcoin, which totals over $40,000! This cost doesn’t even include the thousands of dollars lost in downtime while they were locked out of their systems. While management may have had some type of backups and disaster recovery strategy, they clearly weren’t sufficient. In the end, management decided to ditch their backups and pay the money to restore their files. “Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations,” said Steve Long.
Tom X. McShane