Critical access hospital hit with ransom, gets help and doesn’t pay

On June 28, Wickenburg Community Hospital, a critical access facility in Arizona, suffered a ransomware attack.

When personnel arrived to work at the facility, a ransom demand was on a computer screen. The organization soon learned that data on the network was encrypted in a way that the data could not be recovered by the hospital, and the FBI was notified.

“Hospital employees did a stellar job of responding to the cyberattack and did everything possible to return core systems to functionality, protect patient information and partner with law enforcement agencies,” says Jim Tavary, President and CEO. “We have no indication or evidence to suggest any patient data was compromised.”

However, the phone systems were allowing outbound calls but not inbound calls, and shared files were not accessible.

Wickenburg Hospital-CROP.png

The ransomware used was Ryuk, which encrypts files on network shares and infects computer systems.

After being informed by police that ransom fees could range from $170,000 to $560,000, the organization did not contact the attacker or pay the ransom.

The hospital put together the technical team and worked with other professionals to sanitize the servers and network storage to restore core systems.

The Wickenburg region has about 7,500 residents, serves rural communities within 3,300 square miles and has a telestroke partnership with Mayo Clinic.

For reprint and licensing requests for this article, click here.