California Hospital Held Hostage By Hackers Pays $17,000 Ransom To Unlock Records
The cyberattack forced Hollywood Presbyterian Medical Center to return to pen and paper for its record-keeping.
The Associated Press:
Hospital Paid 17K Ransom To Hackers Of Its Computer Network
A Los Angeles hospital paid a ransom in bitcoins equivalent to about $17,000 to hackers who infiltrated and disabled its computer network, the medical center’s chief executive said Wednesday. It was in the best interest of Hollywood Presbyterian Medical Center to pay the ransom of 40 bitcoins — currently worth $16,664 dollars — after the network infiltration that began Feb. 5, CEO Allen Stefanek said in a statement. (Dalton, 2/17)
Los Angeles Times:
Hollywood Hospital Pays $17,000 In Bitcoins To Hackers Who Took Control Of Computers
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Hollywood Presbyterian CEO Allen Stefanek said. “In the best interest of restoring normal operations, we did this.” Stefanek said patient care was never compromised, nor were hospital records. (Winton, 2/17)
Modern Healthcare:
Hospital Pays Hackers $17,0000 To Unlock EHRs Frozen In 'Ransomware' Attack
Healthcare organizations, along with small businesses and schools, make good targets for ransomware attacks because they don't typically have the sophisticated backup systems and other resilience measures that are typical at large corporations, said Lillian Ablon, a cybersecurity expert with the RAND Corp., a California think tank. For example, two smaller healthcare organizations—a three-physician surgical practice in 2012 and an 18-bed critical-access hospital in 2014—were hit by ransomware attacks. The smaller ransom amount in the Hollywood Presbyterian case is more in line with customary ransomware demands, according to security experts. The demands typically track with the nuisance value of not having to restore databases and computer systems. (Conn, 2/17)