Ransomware attackers collect ransom from Kansas hospital, don't unlock all the data, then demand more money

Kansas Heart Hospital declined to pay the second ransom, saying that would not be wise. Security experts, meanwhile, are warning that ransomware attacks will only get worse.
By Bill Siwicki
02:58 PM

Kansas Heart Hospital was the victim of a ransomware attack and after it paid the first one, attackers boldly demanded a second ransom to decrypt data.

Kansas Heart Hospital president Greg Duick, MD told local media that patient information was not endangered and routine operations were not affected. He declined to say how much money Kansas Heart Hospital paid the cybercriminals, only that it was “a small amount.”

Wichita-based Kansas Heart is the second hospital to publicly state that it paid the ransom. Hollywood Presbyterian in February was forced to pay $17,000 after attackers originally demanded $3.4 million.

[Special report: Ransomware to get worse, hackers targeting whales, IoT triggers new vulnerabilities]

Duick explained that Kansas Heart Hospital did not pay the second ransom request and said that along with consultants it did not think that would be a wise move, even though attackers still appear to have some of their data locked. He also said that they think the attackers are an offshore operation.

Ransomare is a growing plague in the healthcare realm, which is notoriously behind other industries such as banking and retail in optimally securing its data and information technology.

“Ransomware has been an inconvenient truth for a while, a tried and tested dance where an attack is launched and the ransom is modest, just enough where many organizations just pay it to make the problem go away,” said Ryan Witt, vice president and managing director of the healthcare industry practice at security specialist Fortinet.

While the industry is waking up to this problem because of high-profile cyberattacks that have occurred within the past year or so, including those against MedStar Health, Chino Valley Medical Center and its sister site Desert Valley Medical Center, Methodist Hospital in Kentucky.  

[Healthcare IT News and HIMSS Analytics Quick HIT Study: More than half of hospitals hit with ransomware]

Duick told local media that Kansas Heart Health was aware that of the looming ransomware threat and had a plan in place, highlighting the reality that many hospital do not really know how they’ll respond to an attack once it happens.

“Demands for funds are soaring, and the problem is organizations are paying. Ransomware will get worse before it gets better,” Witt said. “You don’t want to think of return on investment as it pertains to criminal activity, but there is a strong ROI, and these attackers are quite sophisticated and know there is money to be made.”

Sign up for the Healthcare IT News Privacy & Security Update newsletter. 

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.