Hackers Held Kentucky Hospital Hostage for Five Days and Walked Away With Nothing

Impact

Hospitals are full of old tech — clacking keyboards, dated operating systems, pagers — essential to saving lives and keeping people safe. Those high stakes make them easy hostages.

A tiny virus spread through the computer systems at Methodist Hospital in Henderson, Kentucky, on Friday, after sneaking in via a spam email. The hackers behind the attack demanded four bitcoin, or about $1,670 at time of writing, to be securely transferred before they'd give the hospital control over their own information.

Instead, the hospital decided to lock its systems down and fight the virus, posting this notice to its site:

"Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services.  We are currently working to resolve this issue, until then we will have limited access to web based services and electronic communications."

Finally, on Tuesday morning, Methodist Hospital reported that it had successfully fended off the attack without paying a dime.

PHILIPPE HUGUEN/Getty Images

Cute little virus: Methodist Hospital was hit with a strain of ransomware called Locky, which sounds adorable. Locky spreads throughout your computer and puts the ".locky" file extension on files, encrypting and scrambling the data.

How do you get out of it? You pay up to whoever has the key, likely the hacker who targeted your systems with Locky.

Other hospitals haven't been as lucky — in February, Hollywood Presbyterian Medical Center in Los Angeles paid a ransom of 40 bitcoins, or $17,000 at the time, to hackers, just to get access to patient records and internal communications.