Hancock Health pays $55,000 ransom after SamSam locked up 1400 files; no patient data stolen
Samm Quinn has an update on the Hancock Health ransomware incident first reported the other day. The hospital ultimately paid a $55,000 (4 BTC) ransom to regain access to its systems, because although it could restore from backup, it would have taken more time.
The hackers targeted more than 1,400 files, the names of every one temporarily changed to “I’m sorry.” They gave the hospital seven days to pay or the files would be permanently encrypted, officials said.
An analysis since the attack confirmed no personal patient information was taken by the hackers, believed to be located in eastern Europe, said Hancock Health CEO Steve Long.
Of note, the hospital revealed that the hackers gained access to the system by using the hospital’s remote access portal, “logging in with an outside vendor’s username and password.”
We’ve said it before and said it again: business associates and vendors continue to pose a significant risk in the healthcare sector, and if your vendor or business associate uses weak passwords to access your system and then fails to secure them (e.g., one of their employees falls for phishing, or their employee’s login is snagged in another attack and is the same login they use for you, well…..)
Read more on Greenfield Reporter.