News Feature | February 19, 2016

California Hospital Held For Ransom By Hackers, Pays

By Megan Williams, contributing writer

Data Governance, Security Concerns Drive Adoption Of Private Cloud Solutions

Hollywood hospital decides to pay ransom after being forced to work off paper records for more than a week due to a cyberattack.

Ransomware — malicious software that locks down computer networks in exchange for the payment of a ransom — is at the root of one of the latest cyberattacks on a healthcare organization.

Hollywood Presbyterian Medical Center in California had been in a state of “internal emergency” since February 5, according to NBC Southern California. The Los Angeles Police Department and FBI launched an investigation on February 12 around the attack which left the hospital dead in the water for more than a week.

CEO Allen Stefanek continually maintained that patient care had not been impacted, but some patients were telling a different story — since computer systems went down, e-transmission of patient records was not functioning. This left some patients responsible for delivering and retrieving their medical records, with some driving over an hour while ill. Emergency patients were also occasionally being diverted to other hospitals.

The Attack
The attack was reported by staff members who relayed the attackers’ demands (the reports originally ranged from $17K to $3.6 million in bitcoin) in exchange for the key codes that would restore the system. The hospital reported the attack was not malicious and instead, random.

According to Forbes, employees did not have access to email and were instead communicating via “jammed fax lines.” They also lost access to computers that connect them to medical records, patient care documentation, lab transmission, and X-ray and CT scan sharing. According to ZDNet, it’s not known if any patient or employee information was compromised.

The Payment
According to the LA Times, Hollywood Presbyterian, owned by CHC of South Korea, gave in to demands and paid a $17K (40 bitcoin) ransom to the hacker in question. Stefanek explained his decision in a statement,

“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

The FBI has taken over the investigation, but has not released any specifics around the case.

Ransomware In Healthcare
Ransomware attacks have been increasing in healthcare for some time now.

Since at least 2014, this particular form of cyberattack has become more frequent. Symantec reported a doubling of ransomware attacks between 2013 and 2014. They frequently show up as a warning saying child pornography or some other illegal material has been found on a computer and then demand a ransom from the user to avoid prosecution. More advanced versions though, take the route of the Hollywood attack and simply render computers and networks unusable until payment is received. The software can remain dormant and undetected for days and even weeks before the ransom is demanded according to Mercury News.