A hacker out to make a fast buck last week decided to hit an Indianapolis hospital with a ransomware attack, demanding a ransom payment to his Bitcoin wallet in exchange for de-crippling the facility’s computer network.
Hancock Health fell victim to the attack sometime last week, when employees noticed the network started running more slowly than normal, according to local newspaper The Greenfield Reporter.
One of the hospital’s computers then flashed a message indicative of a typical ransomware attack – that the facility’s data was being held “hostage” until a ransom was paid to the attacker.
The hacker, who infiltrated the network using a “sophisticated” attack, encrypted important parts of the Hancock Health network and demanded an undisclosed ransom in Bitcoin, a digital currency almost entirely untraceable in nature.
“This was not a 15-year-old kid sitting in his mother’s basement,” Hancock Health CEO Steve Long told reporters on Friday, after enlisting the help of the FBI and an unnamed security firm to learn more about the attack.
“That somebody would do this to a hospital really boggles the mind,” Long said.
According to the newspaper, the attack drove doctors and nurses back to using “pen and paper” to keep medical charts updated.
According to a recent survey by University of Phoenix College of Health Professions, hackers are increasingly targeting patient records as healthcare providers do little to protect their data. The key reason, according to a healthcare cyber research report for 2017: stolen medical records make for a lucrative extortion tool.
Patient records can be so valuable that some organizations will go to great lengths to obtain them, even if it means doing so without the patients’ consent.
An investigation by the Daily Telegraph has revealed that the data covering every case of lung cancer diagnosed in England over a four-year period was handed by NHS to a firm working with Philip Morris International for the past 30 years. Investigators reportedly fear that the anonymised data could be used in legal cases to downplay the dangers of smoking, or to fight regulation.
This is a Security Bloggers Network syndicated blog post authored by Filip Truta. Read the original post at: HOTforSecurity