Hancock Regional Hospital CEO Steve Long, left, sits for an interview with CBS 60 Minutes correspondent Scott Pelley about the 2018 cyberattack against it. Submitted photo
Hancock Regional Hospital CEO Steve Long, left, sits for an interview with CBS 60 Minutes correspondent Scott Pelley about the 2018 cyberattack against it. Submitted photo
GREENFIELD — CEOs don’t always welcome correspondents from “60 Minutes,” but when one visited Hancock Regional Hospital last week, the boss was eager to share his story.

The topic was the crippling January 2018 cyberattack at the hospital, believed to be launched by hackers in eastern Europe. The hospital decided to pay a $55,000 ransom rather than attempt to fight through the encryption of thousands of files. The hospital would later discover that core components of its system had been corrupted, making paying the ransom unavoidable.

The decision raised eyebrows but also won praise for its pragmatism.

Hancock Health CEO Steve Long said that in the year since the hack, the hospital has been “on the road” sharing its experience, how it’s improved its cybersecurity and what others should know if they ever find themselves under a similar attack. He said the hospital has given the presentation about 20 to 25 times all over the country.

Then, “60 Minutes” called in March to say producers were doing research for a segment and asked if they could come to Greenfield to talk about Hancock Health’s experience, Long said. The hospital happily obliged, he added.

Correspondent Scott Pelley and a crew of about a half dozen were at the hospital Thursday and Friday, Long said.

“When you have a major news company that comes in and a major news figure like Scott Pelley comes in, it’s kind of thrilling to participate in that,” he said. Pelley formerly was anchor of the “CBS Evening News” and has been a leading correspondent on the long-running magazine show for 15 years.

A surgery recovery room at the hospital became a makeshift television studio for the interview, Long continued, complete with cameras, lights and monitors. Crew members also shot background footage throughout the hospital, he said.

“It was quite a production,” Long said.

The cyberattack put the hospital in the national spotlight, but it also has been a learning experience, Long continued.

“It’s not one of those events you would want to relive, but we came through it just remarkably well,” he said.

Looking back, Long said, it’s remarkable how quickly the hack was resolved. It started on a Thursday, and by the following Monday, besides a few odds and ends, everything was back to normal.

Before the attack, the hospital’s preparation level for such events was average to above average, Long said. Ever since, the hospital is “very, very prepared,” he added.

Long said the experience taught the hospital that not all antivirus and anti-malware software is created equal. A lot of protective software merely works by detecting a virus’s particular signature, he said. But in order to work, the software needs to be familiar with that signature to begin with.

Now the hospital has a system in place that isn’t on the lookout for signatures, but rather patterns, Long said. When it notices the pattern of a malicious event unfolding, it shuts the process down.

“That means it can respond to stuff it’s never even seen before,” he said.

Hancock Health has also since contracted with Pondurance, a cybersecurity firm with a staffed command center.

“We learned if we’re attacked by humans and the only thing we have to defend ourselves is software, then the humans will win,” Long said. “We now have humans on our side that are looking for specific triggers.”

While last year’s cyberattack wasn’t spurred by clicking on a malicious link in an email — the hackers gained access through a vendor’s credentials — that’s how most hacks happen, Long said. Hancock Health has always trained staff on how to recognize malicious emails, and now they’ve increased that training even more, he added.

Long said when the hospital shares its experience, it urges organizations to operate not with a mindset of if something like a cyberattack can happen, but when.

Long does not yet know when Hancock Health will be on CBS but is glad “60 Minutes” saw merit in the story.

“It’s kind of cool that right here in Greenfield, Indiana we have something that is worthy of a major news organization coming in and talking about,” he said.
-30 -

Copyright © 2019 Daily Reporter