Posted in Breaches

Bad choice or no choice? Indiana health network pays $47,000 to ransomware attackers

Chris Nerney
Chris Nerney, Contributing Writer |
Bad choice or no choice? Indiana health network pays $47,000 to ransomware attackers

Law enforcement experts strongly advise healthcare organizations never to reward ransomware attackers who lock them out of their own IT systems and then demand payment in exchange for allowing providers to regain access to their digital records.
But an Indiana-based health network caved in last week, paying roughly $47,000 in bitcoin on Saturday, January 13, two days after ransomware attackers used malware to lock its computer system.
Hancock Health, based in Greenfield, Indiana, said in a statement posted Monday on its website that “there is no evidence that any patient information was adversely affected.”
That’s good news. It’s also good news that the hackers kept their part of the bargain by releasing the health network’s files after collecting on the ransom because, as law enforcement notes, that doesn’t always happen. Some hackers will renege after being paid, and demand yet another payment from a victimized provider.
Unfortunately, Hancock Health may have put a target on its back.
There are lists out there,” CynergisTek CEO Mac McMillan tells Healthcare IT News. “If you pay once, you may end up having to pay again because you’ve been marked as an organization that will pay.”
Even though Hancock Health immediately contacted the FBI – which warns against paying ransomware – after the attack was discovered, CEO Steve Long said in a statement that extenuating circumstances made paying the ransom the logical course of action.
“We were in a very precarious situation at the time of the attack,” Long said. “With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”