Hancock Health Hit with Ransomware Attack, Pays $55K to Recover Data | Healthcare Informatics Magazine

Hancock Health Hit with Ransomware Attack, Pays $55K to Recover Data

January 16, 2018
by Heather Landi

Hancock Health, a health system based in Greenfield, Indiana, was hit with a ransomware attack Thursday night, and in response, according to media reports, health system officials shut down the entire network and eventually paid the hacker a bitcoin ransom in the amount of $55,000.

According to a post on the health system’s website, at approximately 9:30 p.m. on Thursday, January 11, an attack on the information systems of Hancock Health was initiated by an “as-yet unidentified criminal group.”

“The attack used ransomware, a kind of computer malware that locks up computers until a ransom is paid, usually in the form of Bitcoin. Through the effective teamwork of the Hancock technology team, an expert technology consulting group, and our clinical team, Hancock was able to recover the use of its computers, and at this time, there is no evidence that any patient information was adversely affected,” the health system stated.

And, health system officials said that Hancock is continuing to work with national law enforcement to learn more about the incident. Health system officials also reported that the particular type of ransomware used in the attack was the SamSam ransomware.

According to an article by local newspaper the Greenfield Daily Reporter, hospital officials told the newspaper that Hancock Health paid a $55,000 ransom to hackers to regain access to its computer systems. During the time the network was down, doctors and nurses reverted to pen and paper to keep track of patients’ medical records, local media reported. Health system officials also posted written notices outside Hancock Regional Hospital informing patients and employees of problems with the hospital’s computer system.

Samm Quinn of the Greenfield Daily Reporter wrote, citing health system officials, that the health system paid the ransom around 2 a.m. Saturday, and about two hours later, the files had been returned.

According to local media reports, staff members at the hospital noticed computers were running slower than usual Thursday evening. “A short time later, a message flashed on a hospital computer screen, stating parts of the system would remain locked until a ransom was paid. Hospital leaders later learned the hacker gained access to the system by using the hospital’s remote-access portal, logging in with an outside vendor’s username and password,” as reported by the Greenfield Daily Reporter.

The article quoted Hancock Health CEO Steve Long as stating that the attack was not the result of an employee opening a malware-infected email, a common tactic used to hack computer systems.

Quinn wrote in the Greenfield Daily Reporter article posted January 15, “Part of the health network had been held hostage since late Thursday, when ransomware locked files including patient medical records. The hackers targeted more than 1,400 files, the names of every one temporarily changed to ‘I’m sorry.’ They gave the hospital seven days to pay or the files would be permanently encrypted, officials said.”

Quinn further quoted Long, Hancock Health CEO, as stating that an analysis since the attack confirmed no personal patient information was taken by the hackers, believed to be located in eastern Europe.

In that same article, Quinn reported, “The affected files were backed up and could have been recovered, but restoring them would take days — maybe even weeks — and would be costly, Long said.” Quinn also reported, “From a business standpoint, paying a small ransom made more sense, he said.”

And, Quinn reported that the hacker asked for four bitcoins. “At the time of the transfer, those four bitcoins were valued at about $55,000,” she reported.

And, according to Quinn’s reporting, health system officials faced some tough decisions about whether to pay the ransom. The article quotes Long as saying, “These folks have an interesting business model. They make it just easy enough (to pay the ransom). They price it right.”

The hackers released the files early Saturday after retrieving the bitcoins uploaded to the web, Quinn reported. “By Monday, the hospital’s computer systems were up and running, though Long anticipated there could be some glitches to address in coming days and weeks,” Quinn wrote in the article.

And, Quinn reported that by midday Saturday, “the hospital’s network servers were up and running, WiFi was enabled, and IT staff members were inspecting each of the files to ensure they weren’t infected with any other malware. By Sunday evening, Hancock Health’s electronic medical record system was fully functional again for the first time since Thursday.”

The health system enlisted the help of a cyber security company as well as the FBI. The Greenfield Daily Reporter article cites Chris Bavender, a spokeswoman for the FBI’s Indianapolis field office, who declined to comment on the situation, citing the agency’s ongoing investigation into the attack at Hancock Health.
