Another hospital in Indiana has suffered a ransomware attack that affected some of its servers and prevented files from loading correctly. On 11 January, an employee of Adams Memorial Hospital of Decatur, Indiana notified administrators that some files didn't look correct. Susan Sefton, a spokesperson for the hospital, said the network went blank before files on the system read “sorry.” Bitdefender reasons that modification is likely the result of "I'm Sorry," a type of ransomware discovered in 2017. I'm Sorry appends all files it encrypts on an infected machine with "imsorry." It then drops a .txt file containing instructions for how the user can pay the ransom in each folder on the infected computer that contains encrypted files.
A screenshot of the I'm Sorry ransom note. (Source: PCrisk) As a result of the attack, the Berne Outpatient Clinic and three physicians were unable to use the hospital's network to access patient history or schedule appointments. This unavailability affected between 60 and 80 patients. Doctors have since regained access to the network, but there's still the question of whether the attack affected patients' information. Adams Memorial Hospital doesn't seem to think so. As it told WANE-TV:
While AHN did experience a business interruption throughout the weekend as we worked to restore the affected severs, there was never an interruption in patient care. We are continuing to assess the severity of the situation, but at this time we believe no patient files have been accessed. At no time during this event has the quality and safety of patient care been affected.
The attack occurred on the same day that Hancock Regional Hospital of Greenfield, Indiana suffered a ransomware attack. That incident ultimately prompted the hospital to pay $50,000 in ransom to those responsible for the infection. These assaults demonstrate that the risk of a ransomware attack is growing for hospitals. With that said, healthcare organizations more generally need to strengthen their network security measures and take extra care in maintaining the security of their electronic medical record systems. To learn how Tripwire can help with this latter objective, click here.