Hancock Regional Hospital back online after paying hackers $55,000

  • 18 January 2018
Hancock Regional Hospital has had its IT systems restored after paying off the hackers who infected its computers with ransomware known as ‘SamSam’.

In a press statement issued on Tuesday (16 January), the Indianapolis hospital said it had regained access to “critical systems” after working with the FBI and local cybersecurity firm Pondurance to transfer a bitcoin payment to the attackers.

A hospital spokesperson told Digital Health News that four bitcoin, with a total value of $55,000 (£40,000), had been transferred in exchange for the encryption keys to its computers.

Steve Long, CEO of Hancock Health, said the decision to pay off the hackers was made in order to regain control of its systems “in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients”.

The hospital said that life-sustaining and support systems had remained unaffected during the attack, which happened late last week, and that forensic analysis suggested no patient data had been compromised.

The ensuing investigation revealed the point of entry to be a hospital server on which Microsoft’s Remote Desktop Protocol (RDP) service was enabled and accessible via the internet.

“Forensic analysis determined that an administrative account set up by a vendor of the hospital was compromised and used to gain unauthorised access to a specific system managed by that vendor,” the statement read.

Using this account, the hackers were able to mount an attack against a number of the hospital’s information systems, including its EPR and email client.

The hospital said that critical systems were restored and the hospital was back online by Monday 15 January.
