Indiana health network pays about $55,000 ransom to hackers

A suburban Indianapolis health network said it paid a $55,000 ransom to hackers to regain access to hospital computer systems, making it the latest health system around the globe targeted by money-seeking hackers.

Hancock Health said an "unidentified criminal group" initiated the attack late last week and targeted more than 1,400 files. The health system said it was given seven days to pay a ransom in bitcoins, and after the virtual currency was transferred, its staff regained access to the computer systems.

Hancock Health said it found no evidence that patient information was adversely affected. At the time of the transfer, the four-bitcoin ransom was worth about $55,000, The Daily Reporter of Greenfield reported.

Hancock Health includes about two dozen health care facilities, including Hancock Regional Hospital in Greenfield, about 15 miles (24 kilometers) east of Indianapolis. An FBI spokeswoman said the agency was investigating the attack, but she declined further comment.

Hancock Health CEO Steve Long said the hackers are believed to be in eastern Europe and may have used a type of ransomware called SamSam, which is strategic about its ransom amounts and the methods for victims to pay up.

"These folks have an interesting business model. They make it just easy enough" to pay the ransom, Long told The Daily Reporter. "They price it right."

He told WRTV the ransom was paid "to expedite our return to full operations."

Ransomware attacks are on the rise around the world. In February 2016, the Hollywood Presbyterian Medical Center in California said it paid a $17,000 ransom to regain control of its computers from hackers. And last May, a global ransomware attack infected hundreds of thousands of computers worldwide and crippled parts of Britain's National Health Service, leading to thousands of canceled appointments and operations.

The National Health Service computers systems were eventually restored after a British hacker discovered a "kill switch" in the original hacker's code and managed to trip that switch.

An Indiana cancer services agency was hit in January 2017 by hackers who demanded a ransom of 50 bitcoins, or about $43,000, for access to its data. The Muncie-based Cancer Services of East Central Indiana-Little Red Door didn't pay that ransom and instead replaced its data system. But in late 2016, central Indiana's Madison County paid hackers $21,000 to obtain encryption keys to regain access to government data stored in its computer system.

A 2016 report by Cisco Systems Inc. found that the same type of ransomware used in Thursday's attack in Indiana is a virus that exploits computer server vulnerabilities without requiring human interaction. Hackers use such software to target large-scale networks and hold data hostage by encrypting it to make it unreadable until the targeted entities pay requested ransoms.

The same virus hit the MedStar Health Inc. hospital chain in the U.S. in 2016. MedStar said at the time that it paid nothing to the hackers.