A hospital shut down its network after a ransomware attack restricted authorized personnel access to some of its computer systems. On 12 January, Hancock Regional Hospital confirmed in a statement that it had suffered a ransomware attack. As quoted by FOX59:
Hancock Regional Hospital has been the victim of a criminal act by an unknown party that attempted to shut down out operations via our information systems by locking our computer network and demanding payment for a digital key to unlock it. Unfortunately this sort of behavior is widespread in the world today, and we had the misfortune to be next on the list. We are working closely with an IT incident response company and national law enforcement. At this time, we are deep into the analysis of the situation and see no indication that patient records have been removed from our network. In addition to excellent performance by our IT Department, our clinical teams have performed exceptionally well, and patient care has not been compromised. Our doors are open at Hancock Regional Hospital.
The Daily Reporter writes that the trouble first started on 11 January when staff noticed the network was running much slower than usual. Not long thereafter, a message appeared on at least one hospital-owned computer's screen stating that authorized personnel wouldn't be able to access parts of the Greenfield-based healthcare provider's systems until it paid a ransom in Bitcoin. The amount of that ransom demand isn't known at this time. Hancock Regional's IT team decided to immediately suspend the hospital's network while it works with the FBI and a "national IT security company" to determine what happened and how it should respond. Hancock Health CEO Steve Long said the ransomware attack didn't originate from a malicious email but declined to provide additional comments about its delivery vector. Long did say, however, that the ransomware didn't significantly affect patient care. The hospital posted a notice at its entrances on 12 January informing patients of a "system-wide outage." Even so, doctors and nurses were able to update patients' medical records using pen and paper and to fulfill most of the scheduled appointments that weren't cancelled due to inclement weather.
A notice hangs outside an office at Hancock Regional Hospital, alerting patients and employees of problems with the hospital's computer system.(Tom Russo | Daily Reporter)
Rob Matt, the hospital's chief strategy officer, told IndyStar that the hack affected the Hancock Regional's electronic health records, among other systems, but that it had not exposed patients' information:
What we do know is that no patient information has been affected, so at this point, there’s no understanding of any consequence other than our system is being held. We, like other hospitals, do disaster drills all the time, so this aligns perfectly well with drills that we’ve had throughout the years on how to continue to deliver world-class care when you have system failures or system breaches.
Unfortunately, Hancock Regional isn't the first hospital to suffer a ransomware attack. Hollywood Presbyterian Medical Center made headlines in February 2016 when the southern California medical center paid $17,000 for the restoration of its systems following a ransomware attack. More than a year later, the May 2017 global outbreak of WannaCry ransomware affected 34% of National Health Service (NHS) trusts in England. Attackers will continue to target hospitals with ransomware going forward. With that said, it's important that healthcare providers everywhere protect their systems against crypto-malware and other digital threats. To learn how Tripwire's solutions can help in this regard, click here.