US hospital shuts down IT systems following cyber-attack

  • 16 January 2018
US hospital shuts down IT systems following cyber-attack

A hospital in the US fell victim to a cyber-attack over the weekend, with hackers accessing computer systems and holding them to ransom.

Hancock Regional Hospital in Indianapolis revealed on Friday that its IT systems had been compromised after being infected by malware. It is believed the infection entered the hospital’s computer network via email.

Regional media outlet The Indianapolis Star reported that hackers had locked down the hospital’s computer systems and were demanding a cryptocurrency payment in return for a digital key that would unlock them.

Hancock Regional Hospital said that no patient information had been compromised.

A statement issued by the hospital read: “Hancock Regional Hospital has been the victim of a criminal act by an unknown party that attempted to shut down our operations via our information systems by locking our computer network and demanding payment for a digital key to unlock it.

“Unfortunately this sort of behaviour is widespread in the world today, and we had the misfortune to be next on the list. We are working closely with an IT incident response company and national law enforcement. At this time, we are deep into the analysis of the situation and see no indication that patient records have been removed from our network.

“In addition to excellent performance by our IT department, our clinical teams have performed exceptionally well, and patient care has not been compromised.

“Our doors are open at Hancock Regional Hospital.”

The FBI is now reported to be investigating the attack, which was detected by hospital staff at approximately 10pm on Thursday 11 January 2018.

Rob Matt, the hospital’s chief strategy officer, told reporters the ransomware attack had affected the hospital’s email system and electronic patient record among other IT systems.

Healthcare organisations represent somewhat of a bullseye for hackers. Not only does the volume of sensitive patient information offer ripe pickings for criminals, but the sheer number of unsecured, networked devices in clinical environments represent an ample array of targets.

The global WannaCry attack in May 2017 revealed the NHS to be a particularly vulnerable target, largely owing to its over-reliance on old computer software as well as a general lack of preparation for cybersecurity incidents.

NHS Digital has since embarked on efforts to bolster resilience against future attacks, including by establishing a security operations centre and investing £250,000 in security training for NHS employees.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups for people with blood disorders have raised concerns about NHS England plans to combine clinical registries in a single platform.
Harnessing AI and cybersecurity to transform healthcare in the UK

Harnessing AI and cybersecurity to transform healthcare in the UK

The UK healthcare sector is in a transformative era, driven by advancements in artificial intelligence (AI). AI has the potential to revolutionise healthcare by improving…
Junior doctors break strike to assist at sites hit by cyber attack

Junior doctors break strike to assist at sites hit by cyber attack

Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts continue to experience major disruption following the cyber attack on Synnovis.

2 Comments

  • The latest news on this one was that “The hackers got hold of an authorized username and password, and with that information, there’s little companies can do to prevent intrusions”. They also apparently paid the ransom 🙁 http://www.greenfieldreporter.com/2018/01/16/01162018dr_hancock_health_pays_ransom/

  • If there is a lesson for the NHS here it’s about the use of email as an attack vector. I really wouldn’t want to be using on premises email at this point. The stakes are too high.

Comments are closed.