Ransomware Attack on Johnson Memorial Health’s Network

Johnson Memorial Health has reported a ransomware attack last October 1, 2021 resulting in the encryption of files that sabotaged its IT systems. Emergency procedures were quickly enforced and staff members manually recorded patient data and wrote prescriptions up to the time systems were restored.

Ransomware groups usually obtain systems access some time, perhaps weeks or months, before ransomware deployment. At that time, they go laterally inside networks to obtain access to many systems they possibly can prior to deploying the ransomware; however, not at all times.

The ransomware attack on Johnson Memorial Healthcare happened really fast. As per Dr. David Dunkle, Johnson Memorial Health’s President and CEO, the attackers acquired access to its IT systems at 10:31 p.m. on October 1 and deployed ransomware at 10:33 p.m., which is 2 minutes later. The hospital’s IT team discovered abnormal activity at about 10:40 p.m. and de-activated its network at 10:45 p.m. to limit the resulting problems.

The attackers issued a ransom demand, however, Dunkie did not give any ransom payment. An investigation is currently ongoing to find out the scope of the encryption and the particular systems and data files affected.

Dr. Dunkie stated that Johnson Memorial Health continued to provide medical care to patients. Surgeries and consultations continued as usual but with no computer access, patient registration may be delayed. Ambulances were diverted to other hospitals to lessen the load on the hospital staff. The investigation is just in its beginning stages and the extent of affected patient information is still presently unknown.

This is the third report of a ransomware attack in Indiana by a healthcare provider. Last week, Schneck Medical Center in Seymour reported a ransomware attack. Eskenazi Health based in Indianapolis also reported a ransomware attack last August. There seems to be no relationship between the attacks.