Hancock Health officials say patient safety was never at risk during a ransomware attack at the Greenfield hospital late last week.
An unknown group targeted the hospital Thursday night, encrypting data files on some information systems. Hospital leadership paid the demanded ransom of four bitcoins worth about $55,000 to regain access to encrypted files, according to hospital representatives.
“We were in a very precarious situation at the time of the attack,” said Hancock Health CEO Steve Long in a statement. “With the ice and snow storm at hand, coupled with the one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”
The statement says the hospital’s “life-sustaining and support systems” were unaffected during the incident.
Hancock Health worked with Indianapolis-based cyber security firm Pondurance, LLC to investigate the attack. That investigation discovered the attackers gained access to Hancock Health systems through an administrative account set up by a vendor.
The attackers used the ransomware known as SamSam to encrypt data files on the systems, according to the statement.
Hospital officials say they don’t believe patient data was transferred outside of the hospital’s network. The FBI cyber-crime task force provided assistance in the aftermath of the attack.
“The FBI further confirmed during this investigation that the typical motivation of the criminal elements that leverage the SamSam ransomware is to obtain ransom payment, not harvest patient data,” the hospital statement says.
Officials say the hospital systems have returned to normal.