a $ 50,000 ransomAttack.Ransomto hackers who hijacked patient data . The ransomware attackAttack.Ransomaccessed the computers of Hancock Health in Greenfield through an outside vendor 's account Thursday . It quickly infected the system by locking out data and changing the names of more than 1,400 files to `` I 'm sorry . '' The virus demandedAttack.Ransomfour bitcoins in exchange for unlocking the data , which included patient medical records and company emails . The hospital paidAttack.Ransomthe amount , about $ 50,000 at the time , early Saturday morning , said Rob Matt , senior vice president and chief strategy officer . `` It was n't an easy decision , '' Matt said . `` When you weigh the cost of delivering high-quality care ... versus not paying and bearing the consequences of a new system . '' The data started unlocking soon after the money was transferred , Matt said . `` The amount of the ransomAttack.Ransomwas reasonable in respect to the cost of continuing down time and not being able to care for patients , '' Matt said . Hancock Health includes about two dozen health care facilities , including Hancock Regional Hospital in Greenfield , about 15 miles east of Indianapolis . The health system said in a news release that patient data was not compromisedAttack.Databreach. Life support and other critical hospital services were not affected , and patient safety was never at risk . Ransomware is a growing digital extortion technique that affected tens of thousands of Americans in 2016 , USA TODAY reported . Criminals use various phishing methodsAttack.Phishingthrough emails or bogus links to infect victims with malicious software . The virus infects the computer network by encrypting files or locking down the entire system . Victims log on and receive a message telling them the files have been hijacked and to get the files back they will have to payAttack.Ransom. Hospitals are a frequent target of these attacks . In May , a ransomware virus affected more than 200,000 victims in 150 countries , including more than 20 % of hospitals in the United Kingdom . That attack was later traced to North Korea . Hancock Health said it worked with the FBI and hired an Indianapolis cybersecurity expert for advice on how to respond to the attack . The systems were back Monday after paying the ransomAttack.Ransom. “ We were in a very precarious situation at the time of the attack , '' Hancock Health CEO Steve Long said in a statement . `` With the ice and snowstorm at hand , coupled with the one of the worst flu seasons in memory , we wanted to recover our systems in the quickest way possible . '' Hospital officials could have retrieved back up files , but Long said they feared restoring the hijacked data would take too long . `` We made the deliberate decision , ” Long said , `` to pay the ransomAttack.Ransomto expedite our return to full operations . ''