Hackers return for more money in ransomware attack at Kansas hospital

Hackers are demanding a second ransom from Kansas Heart Hospital after the organization paid to have access to its systems restored last week.

Greg Duick, M.D., the hospital's president, told KWCH12 that his facility paid "a small" amount to the malicious attackers to regain access to its systems. The hackers, however, did not give back full access to files and are asking for more.

The hospital is refusing to pay the second ransom, according to the report.

Free Daily Newsletter

Like this story? Subscribe to FierceHealthcare!

The healthcare sector remains in flux as policy, regulation, technology and trends shape the market. FierceHealthcare subscribers rely on our suite of newsletters as their must-read source for the latest news, analysis and data impacting their world. Sign up today to get healthcare news and updates delivered to your inbox and read on the go.

"The policy of the Kansas Heart Hospital in conjunction with our consultants, felt no longer was this a wise maneuver or strategy," Duick said.

He added that the hospital did have a plan in place for such an attack, and said it "helped in minimizing the amount of damage the encrypted agent could do."

"The patient information never was jeopardized and we took measures to make sure it wouldn't be," Duick said.

Ransomware attacks are rising in frequency in the healthcare industry this year. Two high-profile attacks include one at Hollywood Presbyterian Medical Center in February, where the health system paid to have systems restored, and an attack on MedStar Health System in March, though the organization has not yet declared that attack ransomware.

The decision to pay or not pay the ransom is a difficult one for organizations, especially if such an attack takes systems needed to care for patients offline. However, earlier this month, FBI Cyber Division Assistant Director James Trainor said that companies should not pay ransom.

In addition, law professor Shaun Jamison, Ph.D., told FierceHealthIT in April that paying could set a bad precedent.

"When you pay, it's about the fact that these actors might attack you again or attack others," he said. "You don't want to encourage further attacks unless there is no other course of action available."

To learn more:
- here's the report

Suggested Articles

Ramping up value-based care initiatives and improving the patient experience are top priorities for health IT leaders in 2019, a recent survey found.

Duke University has settled a whistleblower lawsuit alleging researchers falsified data to obtain federal grant funding.

When Providence St. Joseph Health’s chief digital officer hosted a Reddit “Ask Me Anything” forum a week ago, he got more than he bargained for.