Lessons Learned from a Ransomware Attack: A Hospital CEO’s Perspective
View from the C-Suite
// By Althea Fung //
The evening of January 11, 2018, Steve Long, president and CEO of Hancock Health and Hancock Regional Hospital, got a call he’s not likely to soon forget.
“Our administrator on call had received a call from the lab. They said there is something wrong with our computers,” says Long. Not long after, the nursing staff began to report that their computers had slowed down. Then a message began to appear on computer screens throughout the hospital:
Your network has been encrypted.
If you would like decryption keys, you have one week to pay us 4 Bitcoin.
Hancock Regional Hospital in Greenfield, Indiana had become a victim of a ransomware attack.
The attack on Hancock couldn’t have come at a worse time. The region was bracing for a winter storm, which would bring rain, freezing rain, sleet, gusty winds, and one to six inches of snow. Area emergency departments were on diversion because of a high volume of flu cases. With its files locked — and filenames changed to “weapologize” or “SORRY-FOR-FILES” — the hospital was at a standstill.
During a ransomware attack at Hancock Regional Hospital, all file names changed to “weapologize” or “sorry-for-files.”
The hospital was hit with the SamSam ransomware, a pernicious malware that attacked 67 organizations in 2018, nearly a quarter of which were health care organizations, according to a report by cybersecurity company Symantec. SamSam also hobbled the city of Atlanta and LabCorp. In November, the Department of Justice indicted two Iranian men who were allegedly behind the attack, which cost victims an estimated $6 million in ransom payments and $30 million in damages.
Targeted ransomware attacks — malicious software designed to block access to a computer system until a sum of money is paid — are on the rise, particularly in health care. According to the 2019 Cybersecurity Almanac, health care has been the most cyber-attacked industry over the past five years. Accenture, a global management consulting and professional services firm, estimates these breaches cost health care organizations as much as $113 million.
How well is your organization prepared for a ransomware attack? What are the immediate steps your leadership would need to take to ensure continuity? Would you choose to go public with an attack, or keep it out of the news?
Here, Steve Long, Hancock’s president and CEO, shares how he led his organization during a ransomware crisis, and what he recommends others do to make sure they are prepared. “It’s not a question of if it’s going to happen, but when it’s going to happen,” says Long.