Indiana hospital shuts down systems after ransomware attack

Hancock Regional Hospital's computer system was compromised by a hacker demanding bitcoins in ransom.
Hancock Regional Hospital entrance

An Indiana hospital suffered the first ransomware attack aimed at a health care provider this year when part of Hancock Regional Hospital’s computer system was compromised by a hacker demanding bitcoins in ransom.

The infection began on Thursday Jan. 10 with ransomware malware known as SamSam. One day later, the hospital paid the full bitcoin ransom of four bitcoins to the attackers. On the day the ransom was paid, four bitcoins was worth approximately $45,000.

Hospital administrators received the private keys from the hackers on Friday and, by Monday, all hospital systems were restored, according to a hospital spokesperson.

“The hospital’s leadership, upon consideration of many factors, made the determination to pay the ransom of four bitcoin demanded by the attackers, in order to retrieve the private encryption keys,” Hancock Health CEO Steve Long said in a statement.


“We were in a very precarious situation at the time of the attack. With the ice and snow storm at hand, coupled with the one of the worst flu seasons in memory, we wanted to recover our systems in the quickest way possible and avoid extending the burden toward other hospitals of diverting patients. Restoring from backup was considered, though we made the deliberate decision to pay the ransom to expedite our return to full operations.”

Local media reported that when the attack began on Thursday Jan. 10, the hospital shut down its computer systems and email in order to prevent any further issues. The compromise impacted email, health records and internal operating systems but did not touch patient information, Rob Matt, the hospital’s chief strategy officer, told reporters.

Hancock Regional Hospital, located in Greenfield, Ind., confirmed the issue publicly on Friday. It’s not clear how much bitcoin was demanded, but the hospital told The Indianapolis Star that the ransom has not been paid as of Friday. The FBI is investigating.

After shutting down the computers, hospital staff used a pen and paper while the administration worked with an unspecified cybersecurity firm and law enforcement, according to the Greenfield Reporter.

The hospital released a statement to the local Fox affiliate station confirming that “Hancock Regional Hospital has been the victim of a criminal act by an unknown party that attempted to shut down out operations via our information systems by locking our computer network and demanding payment for a digital key to unlock it.” The statement concluded by confirming that that “our doors are open at Hancock Regional Hospital.”


Ransomware is estimated to be a $2 billion per year criminal industry. The hackers who lock targeted machines and then demand cryptocurrency in ransom are enjoying both the meteoric rise in value of the cryptocurrency and a climb in the average ransomware demand to $1,000, a 266 percent rise from 2016.

Update: Hancock Hospital’s new comment was added on Tuesday.

Patrick Howell O'Neill

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.

Latest Podcasts