Ransomware Deployed 2 Minutes After Hackers Gained Access to Johnson Memorial Health’s Network

Share this article on:

Johnson Memorial Health has announced it was the victim of a ransomware attack on October 1, 2021. The attack saw files encrypted which crippled its IT systems. Emergency protocols were immediately implemented and employees are manually recording patient information and writing prescriptions until systems can be restored.

Ransomware gangs often gain access to systems days, weeks, or even months prior to deploying ransomware. During that time, they move laterally within networks to gain access to as many systems as possible before ransomware is deployed; however, not always.

The attack on Johnson Memorial Healthcare occurred at lightning speed. According to Dr. David Dunkle, President and CEO of Johnson Memorial Health, the hackers gained access to its IT systems at 10:31 p.m. on Friday night and deployed ransomware 2 minutes later at 10:33 p.m. The hospital’s IT department detected abnormal activity around 10:40 p.m. the same evening and shut down its network at 10:45 p.m. to minimize the damage caused.

A ransom demand was issued by the attackers, but Dunkie says no payment has been made. An investigation is now underway to determine the extent of the encryption and which systems and files have been affected.

Dunkie said medical care continues to be provided to patients and surgeries and appointments are continuing as normal, although without access to computers there may be a delay with patient registration. The decision was taken to divert ambulances to alternative facilities to reduce the burden on the staff. The investigation is still in the early stages and it is currently unclear to what extent patient information has been involved.

This is the third ransomware attack to be reported by an Indiana healthcare provider recently. Schneck Medical Center in Seymour announced last week that it was attacked with ransomware, and Eskenazi Health in Indianapolis suffered a ransomware attack in August. The attacks do not appear to be related.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On