Cyber-attack leads Hancock Health to pay hackers up to $50,000

The number of cyber-attacks within the healthcare sector is steadily rising. The demand to access data which is unchangeable, personal and highly confidential has seen healthcare organisations up their game in order to mitigate increased risks surrounding their security.

Hancock Health in Indiana is one recent example, where a ransomware attack has led to the organisation paying up to $50,000 in order to reobtain patient data, medical records and confidential emails. Named SamSam, the hacker gained access through the hospital’s remote-access portal, and locked healthcare professionals out of their systems, altering over a thousand file names to one sole name – “I’m sorry.”

It has been one of the rare times in which a hospital provider has paid the ransom to reobtain patient data, where the organisation worked with legal teams, cyber security experts and the FBI in order to understand how to best resolve the issue.

Upon paying the ransom, it is clear that no patient data was compromised, and the move was solely to receive payment, and not to use the data for other means. The systems were then gradually unlocked.

See also

• Clinical staff need to work with tech giants in the development of digital tools, report finds
• Amazon signals its move further into pharma with new role
• Pfizer closes its neuroscience unit

 “We were in a very precarious situation at the time of the attack,” explained Hancock Health CEO Steve Long. “With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients.

Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”

Nonetheless, to pay the ransom can further encourages hackers to try their luck at penetrating healthcare systems, many of whom are investing in stronger cyber-security, yet are still vulnerable to attack. It is imperative for healthcare organisations to mitigate any potential risks to guarantee not only the safety of patient data, but the full trust of patients and partnering organisations.

The recent breach follows on from Coplin Health Systems, who had to notify over 40,000 patients that their data had been compromised upon the theft of an employee’s laptop from a car late last year. Although adequate security measures were taken, the data was unencrypted, making it vulnerable to attack. However, it has been reported that all functionalities surrounding the laptop have been shut down remotely and it has not been used since, and is routinely monitored.