Methodist Hospital recovering from five-day ransomware attack, claims it did not pay up

Cybercriminals locked down enough of the Kentucky hospital’s data that it was forced to declare an internal state of emergency. Now officials are saying they resolved the situation without giving in to attackers’ demands.
By Bernie Monegain
09:47 AM
Methodist Hospital in Henderson, Kentucky, is the latest victim in a string of ransomware attacks.

Methodist Hospital in Henderson, Kentucky, said that it has regained control of its computer systems and effectively fended off a ransomware attack without paying the cybercriminals.

The attack started last Friday, March 18, and lasted five days, during which Methodist officials declared an internal state of emergency and posted this to their website:

“Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services. We are currently working to resolve this issue, until then we will have limited access to web based services and electronic communications.”

As of this morning that message remained live and a local TV station is reporting that the FBI is investigating the attack.

In reports last week, Methodist Hospital COO David Park said that "Depending upon the number of records that were locked, depends upon whether we're going to consider looking into whether we pay anything or not." Methodist Hospital officials also noted the hospital would depend on its back-up system while the main network is locked.

A similar attack was levied against Hollywood Presbyterian Medical Center in Los Angeles just last month. In that case, hospital executives paid $17,000 in bitcoin to hackers. And just last week attackers locked down four computers at Ottawa Hospital, after which officials said they had the data backed up and thus did not need to pay the ransom.

The Institute for Critical Infrastructure Technology, meanwhile, published new research predicting that “in 2016 ransomware will wreak havoc on America’s critical infrastructure community,” and that ransomware is now so prevalent it's creating an economy all its own. In fact, savvy criminals operating in the so-called ransomware economy are using social engineering and price calculations to target low-risk, high-reward victims.

Ransomware is responsible for 406,887 attempted infections and accounts for a total of approximately $325 million in damages, according to November 2015 figures from the Cyber Threat Alliance.

“In most instances the majority of security and law enforcement professionals would advise against paying the hackers, because, 1) there is no guarantee you will get the decryption key, and 2) there is the fear that it will encourage others to follow suit,” Mac McMillan, cofounder and CEO of security firm CynergisTek, wrote in a commentary published on Healthcare IT News on Feb. 23, after Hollywood Presbyterian was attacked. “I would argue that is easy advice to give if you are not the one looking down the barrel of the ransom note. Until you have walked in those shoes you don't really know what you will do.”

Twitter: @Bernie_HITN