News Feature | March 28, 2016

Backup And Recovery System Allows Methodist Hospital To Regain Control After Ransomware Attack

Christine Kern

By Christine Kern, contributing writer

BDR Review For MSPs

Kentucky hospital claims it fended off a ransomware attack.

Bitcoin ransomware is an emerging threat to protected data systems across both the private and public sectors, with the recent attack against Hollywood Presbyterian Medical Center in California serving as an example. And on March 21, PYMNTS published a report of a town being held hostage via a bitcoin ransomware attack.

Most recently, a hospital in Kentucky faced a ransomware attack that left it in an “internal state of emergency,” according to a Krebs On Security report, but the hospital reports it has fended off the attack without giving into the ransom demands.

In the attack on Methodist Hospital, in Henderson, KY, ransomware made it through the hospital’s email filter and affected the use of its electronic web-based services, according to Healthcare Informatics. The issue was revealed in a message on the hospital’s website on March 18, stating, “We are currently working to resolve this issue, until then we will have limited access to web based services and electronic communications.”

The attack was reported on March 18, when NBC 14 News reported the FBI was investigating a cybersecurity breach at the hospital. “Officials at Methodist Hospital say this hack is ransomware in action. Hackers have locked patients’ files and they’re demanding to regain access to them,” the report said.

But by Monday, March 21, the hospital was claiming the ransomware attack was over and that they had not paid anything to the attackers and that no patient data or records have been compromised, according to NBC 14 News.

Cyber criminals used the same ransomware in both the Hollywood and Methodist hospital attacks, a version called Locky which is spread via email attachments that encrypt all data on an infected system and deletes the originals. Methodist Hospital immediately transferred services to its backup system while the main system was incapacitated by the ransomware, underscoring the importance of ensuring reliable backup processes as part of proactive defense against cyber-attack.