Hancock Health Pondurance Incident Response Story

My name is Steve Long, and I am the President and CEO of Hancock Health and Hancock Regional Hospital here in Greenfield, Indiana, a suburb just east of Indianapolis – right on Interstate 7. Hancock Health is a small to midsize health system serving the people of greater Hancock County. We have about 1,300 employees, which is kind of amazing when you consider that there are 150 active physicians and 400 volunteers. It is an extraordinary organization, and we are all about making Hancock County the healthiest place in the entire state of Indiana.

That night, early in January 2018, I was at home in bed because I’m a grandfather, so I get to go to bed at 9 o’clock at night. I got a call from our administrator on call, who was our CFO. And he said, Hey, not to worry you, but there’s something happening on a computer in the lab. And then I began to get copied on these secure messages on a system that we use from the nurse administrator to the nurses saying, Hey, there’s some kind of a message on many of our computers. And I came in to discover that we had been attacked, and our entire system had been encrypted with ransomware. 

After we did a number of things in a panic and turned off our entire system, we made a couple of calls that were key to us. One was to our attorney at Hall Render, Mark Swearingen, who is a very good friend now. We said we need some help because we don’t know what to do now. And he said: I know exactly the people to call, and it is not the Ghostbusters. It is Pondurance. 

So we called Pondurance at 3:30 in the morning, and they immediately picked up the phone and thus began a three-day journey where we got ourselves out of a ransomware incident and began to decrypt our system, having most of it back available just three days later.