The Methodist Hospital in Kentucky has had its records scrambled by ransomware trying to extort money.

The hospital's chief operating officer, David Park said: "We've notified the FBI, we're dealing with federal authorities on how to deal with it. Depending upon the number of records that were locked, depends upon whether we're going to consider looking into whether we pay anything or not."

The hospital reported that their files had been copied, encrypted and the originals deleted. The hospital says that its backups are up to date and accessible.

Last month, the Hollywood Presbyterian Medical Center paid malware operators $11,900 to get their documents back, and similar attacks have been reported in a dozen healthcare facilities worldwide.

Stolen credit cards are available online but not worth very much, whereas medical data which can be used for fraud are gaining in popularity. A case was sighted where an IBM staffer had to physically go to the insurance company and show them that he had no scar for a refund of a $20,000 fraudulent bill.

It seems that the Methodist Hospital has the tools to defeat this attack: continuous and reliable backup and an IT department that knows what it is doing.

Kentucky State Police trooper Shane Settle said: "In the past, we haven't seen crimes in such a large scale like Methodist. In general, the more a criminal commits a crime, the more confident they get, especially if they get away with it. I think that's what you're seeing here is they are shooting for a much larger target and more money."

Source: The Register