The list of healthcare entities that have become (and will become) victims of ransomware is rapidly growing. The predictions from experts are that the list will grow exponentially into the future.
Last week, Methodist Hospital, located in Henderson, Kentucky, announced that it has become the third healthcare entity in recent weeks to be victimized by ransomware. The first was Hollywood Presbyterian Medical Center in Los Angeles, CA [view related posts here and here], which paid $17,000 to the hackers to regain access to its electronic medical system, and the second known victim was Ottawa Hospital, which reported that it wiped the drives of the affected computers in order to regain access to its data.
Methodist Hospital declared an internal state of emergency and has announced that the FBI is investigating the case. It has been reported that the ransomware involved was able to lock patient files and the hackers demanded money to unlock them. A spokesman from Methodist Hospital has confirmed that the hackers copied the patient records first before locking them. It is reported that the hospital has not decided yet whether to pay the ransom or not.
Despite declaring an internal state of emergency, the hospital was able to activate its back-up system and states that it is operating as usual.
We anticipate that ransomware will continue to be a growing problem for healthcare entities in the future. The valuable lesson learned here is the importance of having a solid back-up system and testing it frequently.