Cyber-attack leads Hancock Health to pay hackers up to $50,000

By Catherine Sturman
The number of cyber-attacks within the healthcare sector is steadily rising. The demand to access data which is unchangeable, personal and highly confid...

The number of cyber-attacks within the healthcare sector is steadily rising. The demand to access data which is unchangeable, personal and highly confidential has seen healthcare organisations up their game in order to mitigate increased risks surrounding their security.

Hancock Health in Indiana is one recent example, where a ransomware attack has led to the organisation paying up to $50,000 in order to reobtain patient data, medical records and confidential emails. Named SamSam, the hacker gained access through the hospital’s remote-access portal, and locked healthcare professionals out of their systems, altering over a thousand file names to one sole name – “I’m sorry.”

It has been one of the rare times in which a hospital provider has paid the ransom to reobtain patient data, where the organisation worked with legal teams, cyber security experts and the FBI in order to understand how to best resolve the issue.

Upon paying the ransom, it is clear that no patient data was compromised, and the move was solely to receive payment, and not to use the data for other means. The systems were then gradually unlocked.

See also

 “We were in a very precarious situation at the time of the attack,” explained Hancock Health CEO Steve Long. “With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients.

Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”

Nonetheless, to pay the ransom can further encourages hackers to try their luck at penetrating healthcare systems, many of whom are investing in stronger cyber-security, yet are still vulnerable to attack. It is imperative for healthcare organisations to mitigate any potential risks to guarantee not only the safety of patient data, but the full trust of patients and partnering organisations.

The recent breach follows on from Coplin Health Systems, who had to notify over 40,000 patients that their data had been compromised upon the theft of an employee’s laptop from a car late last year. Although adequate security measures were taken, the data was unencrypted, making it vulnerable to attack. However, it has been reported that all functionalities surrounding the laptop have been shut down remotely and it has not been used since, and is routinely monitored.


Featured Articles

Philips Future Health Index Report: AI to Cut Waiting Times

Healthcare technology leader Philips says virtual care and AI is turning in an effort to cope with demand in its Future Health Index Report 2024

HCLTech and Olympus Advance AI into the Healthcare Industry

Giants HCLTech and Olympus Corporation, have developed their partnership to utilise technology and AI to transform the healthcare industry.

Cancer Vaccines Breakthrough a Glimpse of Healthcare Future

As the UK's NHS becomes the first healthcare provider to launch a cancer vaccine testing programme, we explore this groundbreaking oncological treatment

Change Healthcare Cyberattack Fallout Continues

Health Insurance & Finance

McKinsey: National E-health Initiatives on the Rise

Technology & AI

Edwards Lifesciences: a Profile of the Heart Tech Specialist

Medical Devices & Pharma