{
	"id": "47339a7a-f441-4e3a-839a-df93dea28081",
	"created_at": "2026-04-06T15:52:09.276225Z",
	"updated_at": "2026-04-10T03:20:04.179411Z",
	"deleted_at": null,
	"sha1_hash": "f6b4f715db4f66d12ac53000909da19c1b0299fa",
	"title": "Locky Ransomware Strain Led Kentucky Hospital to an “Internal State of Emergency”",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 300407,
	"plain_text": "Locky Ransomware Strain Led Kentucky Hospital to an “Internal\r\nState of Emergency”\r\nArchived: 2026-04-06 15:46:53 UTC\r\nA red marquee bannered on the homepage of the Methodist\r\nHospital in Henderson, Kentucky announced a cyberattack that successfully penetrated their networks, prompting\r\nit to operate under an “internal state of emergency”. The advisory said, “Methodist Hospital is currently working\r\nin an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based\r\nservices.  We are currently working to resolve this issue, until then we will have limited access to web based\r\nservices and electronic communications.”\r\nThe incident involved a ransomware attack that hit the hospital’s computer systems and hostaged files by way of\r\nencrypting and rendering these useless unless a ransom gets paid to obtain a corresponding decrypt key.\r\n[Read: How ransomware worksnews- cybercrime-and-digital-threats]\r\nAccording to Methodist Hospital Information systems director Jamie Reid, the malware in question belonged to\r\nthe Locky strain of crypto-ransomware, which is capable of encrypting valuable files like documents and images\r\non the infected system before deleting the original files. This means that a victim can only regain access to the\r\ndata either by paying the demanded ransom, or by accessing backups outside the infected network. It was then\r\nreported that the attackers demanded four bitcoins for the key, an amount totaling USD $1,600.\r\nIn late Februarynews- cybercrime-and-digital-threats, Locky was found infiltrating systems through a malicious\r\nmacro found in a Word document. The ransomware strain gets delivered into a victim’s system through email\r\nmasquerading as an invoice with an attached Word document laced with malicious macros. Such is the case with\r\nthe Methodist Hospital attack, wherein recipients of the malicious email downloaded and opened a malicious\r\nattachment.\r\n[Read: Locky, a new crypto-ransomware type discoverednews- cybercrime-and-digital-threats]\r\nAccording to Reid, the ransomware succeeded in expanding its reach from its initial infection to several systems\r\nfound in the network. The hospital reacted by shutting down all of its desktop computers, before turning them\r\nhttps://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/locky-ransomware-strain-led-kentucky-hospital-to-an-internal-state-of-emergency\r\nPage 1 of 3\n\nback online, one machine after another to check for infection—a process that caused the hospital to temporarily\r\nprocess everything on paper.\r\nDavid Park, attorney for the Methodist Hospital said, “We have a pretty robust emergency response system that we\r\ndeveloped quite a few years ago, and it struck us that as everyone’s talking about the computer problem at the\r\nhospital maybe we ought to just treat this like a tornado hit, because we essentially shut our system down and\r\nreopened on a computer-by-computer basis.”\r\nThis incident happened barely a month after reports of a similar ransomware attack on another medical institution\r\nsurfaced. In February 2015, the networks of the Hollywood Presbyterian Medical Centernews article were\r\nparalyzed by the same tactic, disrupting hospital operations. This led the institution to pay a ransom that amounted\r\nto $17,000 in bitcoins.\r\nHowever, other means have also been devised by cybercriminals to profit from attacks on the healthcare industry.\r\nA recently-reported data breach involving cancer treatment center 21st Century Oncology Holdingsnews-cybercrime-and-digital-threats exposed the information of over 2 million patients. A separate incident involving a\r\nphishing attack on research and treatment facility City of Hopenews article has led to the unauthorized access of\r\nan employee email account containing protected health information such as patient names, medical record\r\nnumbers, dates of birth, addresses, and other patient and clinical information.\r\nWith that said, given the difference of attack strategies employed in these mentioned incidents, it goes to show that\r\nattacks on the healthcare industry show no signs of slowing down. The numbers back it up; according to the\r\nrecorded data breach incidents in 2015, healthcare was identified to be the most affected industry.\r\nThis can be explained by the fact that the healthcare industry houses repositories of profitable types of information\r\nthat can easily be used to stage other attacks, such as identity theft and even blackmail and other extortion\r\nschemes. The number of incidents that involve the theft of medical data shows that these types of data aren’t as\r\nsecure, making it an even more ideal target. \r\n[Read: Why is the healthcare industry an ideal target?news article]\r\nAs of this writing, the hospital’s officials have shared a report to a local TV station that the incident has already\r\nbeen handled and that its internal digital systems are now “up and runningnews article”. While the investigation is\r\nongoing and no further details have been divulged, it was noted that no ransom was paid and patient information\r\nwasn't compromised. That said, COO David Part shared that currently, with the main network still in downtime, a\r\nback-up system has been activated and no operation disruption is being experienced.\r\nHIDE\r\nLike it? Add this infographic to your site:\r\n1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your\r\npage (Ctrl+V).\r\nImage will appear the same size as you see above.\r\nhttps://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/locky-ransomware-strain-led-kentucky-hospital-to-an-internal-state-of-emergency\r\nPage 2 of 3\n\nSource: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/locky-ransomware-strain-led-kentucky-hospital-to-an-internal-state-of-emergency\r\nhttps://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/locky-ransomware-strain-led-kentucky-hospital-to-an-internal-state-of-emergency\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/locky-ransomware-strain-led-kentucky-hospital-to-an-internal-state-of-emergency"
	],
	"report_names": [
		"locky-ransomware-strain-led-kentucky-hospital-to-an-internal-state-of-emergency"
	],
	"threat_actors": [],
	"ts_created_at": 1775490729,
	"ts_updated_at": 1775791204,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f6b4f715db4f66d12ac53000909da19c1b0299fa.pdf",
		"text": "https://archive.orkl.eu/f6b4f715db4f66d12ac53000909da19c1b0299fa.txt",
		"img": "https://archive.orkl.eu/f6b4f715db4f66d12ac53000909da19c1b0299fa.jpg"
	}
}