US Hospital Coughs Up $55,000 to Hackers after Ransomware Attack

A ransomware attack targeting a hospital in Greenfield, Indiana, has seen hackers make off with $55,000.

A Hancock Regional Hospital official has confirmed that a cyberattack involving ransomware struck and compromised the hospital’s IT system. Hackers demanded a ransom payment of 4 bitcoins in return for a decryption key to regain access.

The hospital’s chief strategy officer revealed to a local publication that the hack occurred sometime around 10 PM on Thursday last week and immediately spread to take control of the hospital’s email system, electronic health records as well as other internal operating systems. The ransomware deployed, as reported by the Daily Reporter, is SamSam, a ransomware variant that targets vulnerable servers and, once installed on a single machine, predictably spreads across the network that machine belongs to. SamSam can be deployed through remote access, tunneling, web shells, and batch scripts that run the malware on multiple machines.

The official also stressed that no patient information has been compromised as a result of the intrusion.

He stated:

“What we do know is that no patient information has been affected, so at this point, there’s no understanding of any consequence other than our system is being held.”

Over 1,400 files were targeted, with each one of their names temporarily encrypted and changed to “I’m sorry.”

The hackers are likely to have gained access by logging in to the hospital’s remote access portal with a third-party vendor’s credentials, according to Hancock Health CEO Steve Long.

While the affected files were backed up and could have been recovered, restoring them could have taken days, even weeks, making recovery an expensive task, according to Long. Paying the ransom made sense from a business standpoint, and the hospital paid up.

“These folks have an interesting business model. They make it just easy enough (to pay the ransom),” he said. “They price it right.”

After receiving the payment, the hackers released the files.
