Another US hospital has become the victim of a ransomware attack. An “unknown party” managed to infect the systems of Hancock Regional Hospital in the state of Indiana last week, demanding an unspecified number of Bitcoins to release the unlock key.
When the attack took place on January 11 it affected the medical center’s email, electronic health records, and other internal operating systems. The hospital stresses that no patient records were removed from its network and patient care has not been significantly impacted.
The institution shut down some systems to prevent further infection and contacted the Federal Bureau of investigation and a national IT security company. As of Saturday morning, these systems were still down, and it continued to use pen and paper to keep patients’ medical charts updated.
Some previous cases of ransomware made their way onto hospital systems via employees opening malicious email or website links, but Steve Long, CEO of Hancock Health hospital, said that wasn’t the case in this instance.
“This was not a 15-year-old kid sitting in his mother’s basement,” Long told the Daily Reporter. He added that the financial demands had not been met, and that the FBI is familiar with this type of sophisticated attack.
“We, like other hospitals, do disaster drills all the time, so this aligns perfectly well with drills that we've had throughout the years on how to continue to deliver world-class care when you have system failures or system breaches,” Rob Matt, the hospital’s strategy officer, told The Indianapolis Star.
Last year saw Kansas Heart Hospital and the Hollywood Presbyterian Medical Center hit by ransomware attacks. It’s likely that the unknown computer virus that infected hospital chain Medstar was also a form of ransomware.