Hollywood hospital pays $17K ransom to regain control of hacked computers
The computer systems at the Hollywood Presbyterian Medical Center were down for nearly two weeks after being infected by ransomware on February 5.
According to Reuters, the hospital paid a ransom of $17,000 worth of bitcoins to clear their systems of the malware, saying in a statement that it was the "quickest and most efficient way" to get the situation back to normal.
The “virus” blocked access to medical records, including test results and registration of new patient, and emails, forcing staff to use paper and pens, as well as faxes and “old-school” record-keeping systems until the bounty is paid. Computers are also essential for lab work and the sharing of X-rays and CT scans.
Hackers reportedly wanted a ransom of 9,000 bitcoins, or almost $3.7 million, in exchange for the key codes to restore the system.
According to the hospital, “patient care has not been compromised.” However, its patients were directly affected by the attack. Many came to the Center to pick up medical test results in person. Some of the emergency patients had to be diverted to neighboring facilities, while others missed treatments.
In an interview with NBC, Hollywood Presbyterian CEO Allen Stefanek said that he believes “it was clearly not a malicious attack,” but rather “a random attack.”
This might be the case. According to Ars Technica, the ransomware could be part of a trend of attacks against businesses and larger institutions.
"The targeted attacks that I'm aware of started to become more prevalent over the course of 2015," security researcher Roel Schouwenberg told the news outlet. "Companies don't like talking about these incidents because they're worried they may escalate the situation they're in or become targets for other attackers.”
In its 2015 Data Breach Industry Forecast, Experian, a global information services group, predicted “healthcare breaches will increase” since the industry is “a vulnerable and attractive target for cybercriminals.”
The FBI had taken control of the hacking investigation, but was reluctant to discuss specifics of the case.
The cyberattack on Hollywood Presbyterian is the latest reported. It followed the similar hacking of a regional hospital in Mount Pleasant, Texas, in January. The hospital went offline for a week, but refused to pay the ransom. In September, another hospital in Florida went offline for five days due to ransomware.