Hancock Health Hit with Ransomware Attack, Pays $55K to Recover Data | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Hancock Health Hit with Ransomware Attack, Pays $55K to Recover Data

January 16, 2018
by Heather Landi
| Reprints
Click To View Gallery

Hancock Health, a health system based in Greenfield, Indiana, was hit with a ransomware attack Thursday night, and in response, according to media reports, health system officials shut down the entire network and eventually paid the hacker a bitcoin ransom in the amount of $55,000.

According to a post on the health system’s website, at approximately 9:30 p.m. on Thursday, January 11, an attack on the information systems of Hancock Health was initiated by an “as-yet unidentified criminal group.”

“The attack used ransomware, a kind of computer malware that locks up computers until a ransom is paid, usually in the form of Bitcoin. Through the effective teamwork of the Hancock technology team, an expert technology consulting group, and our clinical team, Hancock was able to recover the use of its computers, and at this time, there is no evidence that any patient information was adversely affected,” the health system stated.

And, health system officials said that Hancock is continuing to work with national law enforcement to learn more about the incident. Health system officials also reported that the particular type of ransomware used in the attack was the SamSam ransomware.

According to an article by local newspaper the Greenfield Daily Reporter, hospital officials told the newspaper that Hancock Health paid a $55,000 ransom to hackers to regain access to its computer systems. During the time the network was done, doctors and nurses reverted to pen and paper to keep track of patients’ medical records, local media reported. And, health system officials posted written notices outside Hancock Regional Hospital informing patients and employees of problems with the hospital’s computer system.

Greenfield Daily reporter Samm Quinn wrote that the health system paid the ransom around 2 a.m. Saturday, and about two hours later, the files had been returned, citing health system officials.

According to local media reports, staff members at the hospital noticed computers were running slower than usual Thursday evening. “A short time later, a message flashed on a hospital computer screen, stating parts of the system would remain locked until a ransom was paid. Hospital leaders later learned the hacker gained access to the system by using the hospital’s remote-access portal, logging in with an outside vendor’s username and password,” as reported by the Greenfield Daily Reporter.

The article quoted Hancock Health CEO Steve Long as stating that the attack was not the result of an employee opening a malware-infected email, a common tactic used to hack computer systems.

Quinn wrote in the Greenfield Daily Reporter article posted January 15, “Part of the health network had been held hostage since late Thursday, when ransomware locked files including patient medical records. The hackers targeted more than 1,400 files, the names of everyone temporarily changed to ‘I’m sorry.’ They gave the hospital seven days to pay or the files would be permanently encrypted, officials said.”

Quinn further reporter quoted Long, Hancock Health CEO, as stating that an analysis since the attack confirmed no personal patient information was taken by the hackers, believed to be located in eastern Europe.

In that same article, Quinn reported, “The affected files were backed up and could have been recovered, but restoring them would take days — maybe even weeks — and would be costly, Long said. And, Quinn also reported, “From a business standpoint, paying a small ransom made more sense, he said.”

And, Quinn reported that the hacker asked for four bitcoins. “At the time of the transfer, those four bitcoins were valued at about $55,000,” she reported.

And, according to Quinn’s reporting, health system officials faced some tough decisions about whether to pay the ransom. The article quotes Long as saying, “These folks have an interesting business model. They make it just easy enough (to pay the ransom). They price it right.”

The hackers released the files early Saturday after retrieving the bitcoins uploaded to the web, Quinn reported. “By Monday, the hospital’s computers systems were up and running, though Long anticipated there could be some glitches to address in coming days and weeks,” Quinn wrote in the article.

And, Quinn reported that by midday Saturday, “the hospital’s network servers were up and running, WiFi was enabled, and IT staff members were inspecting each of the files to ensure they weren’t infected with any other malware. By Sunday evening, Hancock Health’s electronic medical record system was fully functional again for the first time since Thursday.”

The health system enlisted the help of a cyber security company as well as the FBI. The Greenfield Daily Reporter article cites Chris Bavender, a spokeswoman for the FBI’s Indianapolis field office, who declined to comment on the situation, citing the agency’s ongoing investigation into the attack at Hancock Health.

2018 Cleveland Health IT Summit

Renowned leaders in U.S. and North American healthcare gather throughout the year to present important information and share insights at the Healthcare Informatics Health IT Summits.

March 27 - 28, 2018 | Cleveland



Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.