Analecta Cyber Company Blog: Kentucky’s Methodist Hospital latest to face ransomware

2016-04-11

Kentucky’s Methodist Hospital latest to face ransomware

Methodist Hospital in western Kentucky is considered to be an average-sized medical institution. A couple of weeks ago, hackers targeted the hospital and infected computers with what seemed to be a version of ransomware.

In an official statement posted on the hospital's website, officials there described the event as "an internal state of emergency". The attack happened on March 16 when attackers infected the hospital’s network with a vicious type of computer malware. The malware caused a number of computers in their network to be encrypted and unable to be used unless the hospital paid the ransom to the hackers.

Methodist Hospital released information saying no patient data or records were compromised. On the other hand, details of documents affected by the encryption were not clarified. According to the hospital's spokesperson, a ransomware came from an email which managed to get the network's filter for email spam. When an employee opened the email, the virus immediately infected several computers in a section of the hospital the spokesperson did not name. Like other hospital ransomware incidents, the attackers demanded the ransom be paid with Bitcoin, a payment method preferred by hackers because it is very difficult to trace.

Small-scale operation

According to reports, the hackers demanded only Bitcoins worth about $1,656. This could be a sign that the cybercriminals are small-time attackers targeting random medical facilities. They probably thought facilities like Methodist Hospital may be much more willing to pay a small amount just to get their data and files back. Unless, of course, they have a backup of every data in the compromised computer network. Then they can afford not to pay any ransom and just rely on their backup data. As it so happens, that is what the hospital did. They simply shut down the infected section of their network and waited for five days before their backup was operational.

Methodist Hospital is now coordinating with authorities including the FBI and local police. Hospital officials reiterated that patient information is safe and was not compromised in any way.