Hancock Health’s Encrypted Files Unlocked After Paying $55K Ransom
Hancock Health in Greenfield, Indiana, experienced a ransomware attack that compelled hospital personnel to use pen and paper to document patient health details manually. The hospital’s IT department attempted to stop the attack and to access the encrypted documents.
The attack began at 9:30 pm, when the ransomware started encrypting Hancock Health’s files. The ransomware slowed the system down, and ransom notes appeared on computer screens to indicate that files had been encrypted. The IT staff quickly shut down the network to stop the damage from the attack. A third-party incident response team arrived to assist in mitigating the attack.
A ransomware attack can interrupt patient services. However, Hancock Health was able to keep patient services running. Patient visits and scheduled surgical procedures carried on as usual. The investigators of the incident found no evidence that patient data was stolen. It appeared that the purpose of the attack was simply to disrupt the network and encrypt data files so that the attacker could pressure the hospital into paying a ransom to have the files unlocked.
The Greenfield Reporter published a report on the type of ransomware. It is known as SamSam, and it has been used to target many healthcare companies in the US over the past year. The attacker, who is still unidentified, asked for a ransom of 4 Bitcoin in exchange for the keys to unlock the encrypted files.
Hancock Health complied with the HIPAA requirement to have backups. In this attack, Hancock Health could have restored the data files from backups, but doing so would have taken quite a while. The facility would not have been able to access patient data and information for a few days or weeks. The hospital therefore decided to pay the ransom, amounting to $55k. It was not an easy decision, but the hospital considered it the best choice to prevent disruption. The hospital obtained the keys to unlock the encrypted files within 2 hours of paying the ransom. Everything was back to normal the next day.
Generally, ransomware attacks take place because an employee responded to a phishing email or visited a malicious site. The attack on Hancock Health, however, was advanced. It was not caused by a staff member responding to a phishing email.
To prevent future ransomware problems or limit their severity, Hancock Health installed new software that can detect the suspicious activity that precedes a ransomware attack. Law enforcement’s investigation remains ongoing to gain a complete understanding of the incident.