Hollywood hospital pays ransomware attackers $17,000 to release its systems
By Rob Thubron
As anyone who has experienced it will tell you, ransomware can be a nightmare. Once it infects a network, it can encrypt all the files and will demand payment (nearly always Bitcoin) before it hands over an unlock key. These attacks often come with a warning that unless the ransom is paid within a set time, the key will be destroyed and the user will never be able to access their data.
While finding you've been infected with ransomware is bad, it can be especially problematic for organizations such as hospitals. Such was the case for the Hollywood Presbyterian Medical Center, which had its network locked up by a ransomware attack on February 5, and has only recently regained control of its systems after paying $17,000 to the attackers.
After the ransomware was discovered, staff at the hospital were forced to use land lines and fax machines and to keep paper records for the ten days that the network was locked down. Some patients had to be sent to other hospitals for procedures such as CT scans.
Reports claimed that the attackers had originally demanded 9000 bitcoins, or about $3.5 million, to release the system. But it appears that this was negotiated down to 40 bitcoins, equal to around $17,000.
Speaking about the hospital's decision to pay the ransom, CEO Allen Stefanek said in a statement: "The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this."
CSO reports that it's highly unlikely the hospital was specifically targeted, and that the ransomware was likely down to an employee clicking on a malicious link or downloading an unexpected attachment on a hospital computer.
The hospital has stressed that there is no evidence to suggest any patient records were compromised. It will continue to work with security consultants, local authorities, and the FBI, who are investigating the matter.