Indiana hospital hit by ransomware pays hackers

A Greenfield, Indiana-based hospital paid a ransom recently to regain access to its computer system.

Hancock Regional Hospital confirmed that it had been hit by a ransomware attack January 11, the IndyStar reported. The hospital’s electronic health record system, email, and other network systems were locked down by the ransomware. Hancock already had a disaster plan in place to continue operations without electronic systems, and staff were able to follow the plan and continue to provide patient care. The FBI and an IT incident response organization worked with Hancock to investigate the incident and the extent of the damage.

On January 15, the IndyStar reported that Hancock paid four bitcoins, equivalent to $55,000, to the hackers to regain access to the affected files. Cybersecurity experts, including the FBI, generally discourage paying the ransom. Hancock officials stated that although the decision to pay the ransom was difficult, they determined the cost of paying the ransom was much lower than that of attempting to recover the files.

Investigators determined that the ransomware used in the attack was SamSam, and that the hackers were able to gain access via the hospital’s remote-access portal using a vendor’s username and password.