Hancock Health paid a $55,000 ransom to hackers to release more than 1,400 files and regain control of the clinical IT systems at Hancock Regional Hospital.
The decision to make the payment made the most sense from a business perspective, Hancock Health CEO Steve Long told the Greenfield Daily Reporter. Although the files impacted by the breach were backed up and could have been recovered, it would have taken days or weeks to restore them.
“These folks have an interesting business model,” he told the newspaper. “They make it just easy enough (to pay the ransom) ... They price it right.”
Attackers struck the Indiana hospital on Thursday, shutting down access to portions of its IT system, including its medical records platform. According to a release emailed to FierceHealthcare, officials decided to pay the Bitcoin ransom late Friday evening and hackers returned the files shortly thereafter.
The EHR system was back up by Sunday, and no equipment used to treat or diagnose patients were affected. A forensic analysis determined patient data was not transferred out of the hospital's network.
“We were in a very precarious situation at the time of the attack. With the ice and snow storm at hand, coupled with one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients," Long said in a statement.
Hospitals struck by a ransomware attack are faced with the difficult decision about whether to pay the hackers. Last year, Erie County Medical Center in Buffalo, New York, spent nearly $10 million rebuilding its system after declining to pay attackers $30,000 to unlock the system.
The FBI does not support paying ransoms associated with cyberattacks, but its position has softened over the years, recognizing the real-world complexities that hospitals often face.
But experts say paying off ransomware hackers can make that hospital a target for subsequent attacks. Hackers have also been known to return the files with a hidden virus to initiate a future attack.
“I dealt with bad guys for 30 years,” Robert Anderson Jr., managing director in the global legal technical solutions practice at Navigant and a former national security executive at the FBI told FierceHealthcare previously. “I know how they think. If they can burglarize your house and come back five more times without getting caught they are going to do it.”