Johnson Memorial Health has submitted a report concerning a ransomware attack that occurred on October 1, 2021, which resulted in files encryption of files that affected its IT systems. Emergency procedures were easily followed and workers recorded patient data by hand and wrote prescription medications until systems were recovered.
Ransomware groups normally acquire systems access for a while, possibly weeks or months, prior to ransomware deployment. During those times, they go laterally within the systems to get access to a number of systems they possibly could before ransomware deployment; nevertheless, not all the time.
The Johnson Memorial Healthcare ransomware attack transpired extremely fast. Johnson Memorial Health’s President and CEO Dr. David Dunkle stated the attackers accessed its IT systems on October 1 at 10:31 p.m. Ransomware was deployed at 10:33 p.m., only after 2 minutes. The hospital’s IT staff identified abnormal activity at 10:40 p.m. and shut down its system at 10:45 p.m. to control the ensuing problems.
The attackers sent a ransom demand to Dunkle, however, no ransom payment was made. The experts are still investigating the incident to know the extent of the encryption and the affected systems and data files.
Dr. Dunkle explained that Johnson Memorial Health did not stop providing health care to patients. Surgeries and consultation services carried on as usual yet without computer access, there is a delay in patient registration. Ambulances were redirected to other medical facilities to minimize the load on the hospital workers. The investigation of the attack is still at its early stages and the scope of the affected patient data is still not known at this time.
This is Indiana’s third report of a ransomware attack on a healthcare company. Recently, there was a ransomware attack on Schneck Medical Center in Seymour. In August, there was a ransomware attack on Eskenazi Health in Indianapolis. There is no known relation between these ransomware attacks.