Hancock Regional Hospital hit by ransomware attack, pays ransom

GREENFIELD, Ind. (WISH) –  A ransomware attacker hit  the computer network of Hancock Regional Hospital, its chief strategy officer said Friday.

The hospital said that during the attack a vendor of the hospital was compromised and as a result, a number of the hospital’s information managed by that vendor were infected by the ransomware, SamSam. The files on that system were then locked up, requiring a private key, held by the attackers, to unlock those files.

According to Hancock Regional Hospital, their leadership team ultimately made the decision to pay the ransom demanded by the hackers, which was four bitcoin. After paying the ransom, a private key was then obtained and the files unlocked.

The hospital said the decision to pay the ransom included a variety of factors, including the cold weather.

“We were in a very precarious situation at the time of the attack. With the ice and snow storm at hand, coupled with the one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients, said Hancock Health CEO, Steve Long. “Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”