Ransomware attack on Hancock Health drives providers to pen and paper

The first reported hospital ransomware attack in 2018 was sophisticated – and not caused by an employee opening a malicious email.
By Jessica Davis
11:16 AM
Ransomware attack indiana

Greenfield, Indiana-based Hancock Health was hit by a ransomware attack on Thursday night, which prompted officials to shut down the entire network, according to local news outlet Greenfield Daily Reporter.

The network began running slowly on Thursday night, and shortly after a ransomware notice appeared on a hospital computer screen. The hacker said it would hold parts of the system hostage until officials paid a bitcoin ransom.

[Also: Why hospitals must focus on risk assessments, breach response to strengthen cybersecurity]

The health system's IT team immediately shut down the network, including physician offices and wellness centers to isolate the virus. Officials said it appeared the hacker was attempting to shut down hospital operations, using a "digital padlock" to restrict access to certain parts of the system.

Hancock posted notices at hospital entrances of a system-wide outage and employees were instructed to turn off all computers on the network. Providers reverted to pen and paper for recording patient visits. No appointments or procedures were canceled because of the cyberattack.

The attack was sophisticated and wasn't caused by an employee opening an infected email, an official said.

"This was not a 15-year-old kid sitting in his mother's basement," Hancock Health CEO Steve Long told the Greenfield Daily Reporter.

Officials did not disclose the ransom amount or whether the hospital would pay.

Hancock worked with the FBI and an IT security company to remove the virus, with law enforcement working in an "advisory capacity."

Hancock officials told Healthcare IT News that they are currently working through recovery and will provide an update in a few days.

Security experts have warned that ransomware will continue to plague the industry this year, and hackers will increase the sophistication of attack methods. Ransomware profitability has declined as user education and security defenses have improved.

"The healthcare sector has probably suffered more than most, in terms of ransomware," said McAfee Chief Scientist Raj Samani. "What we're seeing today is the broken proliferation of ransomware, which really started in healthcare."

McAfee predicted that hackers will pivot from ransomware in its traditional form to more cyber sabotage and service disruptions.

Future-proofing security

Why cybersecurity is top of mind for forward-looking healthcare orgs.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.