Commenting on the decision to hand over $17,000, Allen Stefanek, president of the medical center, said in a release, “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
Stefanek said the hospital’s electronic medical records system was restored at the start of this week, adding that it was now working with a team of experts “to understand more about this event.”
The attack occurred on February 5, and while it caused serious disruption for several weeks, the hospital insists there’s no evidence to suggest patients’ medical records were accessed by the hackers at any point.
The FBI is investigating the incident.
Original story published on February 16, 2016:
Ransomware is always going to present a major headache for any victim, but when a hospital is at the center of an attack, the matter suddenly appears more threatening, with the stakes potentially a whole lot higher.
Take the Hollywood Presbyterian Medical Center in Los Angeles. Its computer systems have been offline for more than a week following a ransomware attack, with hackers reportedly demanding a $3.4 million payment to restore access, CSO reported Monday.
Staff are understandably having a hard time coping, with procedures such as CT scans unable to be carried out. In some cases, patients are being ferried to nearby medical facilities for treatment.
The ongoing incident also means hospital workers are unable to gain access to important documents, patient data, and emails. Instead, staff have had to step back in time, firing up fax machines and making more use of pens and paper to keep track of work at the facility.
The hospital has confirmed the attack, and says that so far it has no evidence to suggest patients’ medical records have been accessed by the hackers, the BBC reported.
The FBI and LAPD are now examining the incident, but with the ransom unpaid and the investigation ongoing, those working at the facility have been told to keep off their computers until further notice. The hospital hasn’t said publicly how it’s dealing with the situation, or revealed what kind of data backup systems it has in place.
It’s not clear how the hospital’s computer systems were infected with the ransomware, but it may have been a simple case of a member of staff clicking on a malicious link or attachment in an email. Such action would then have opened the way for the malware to automatically take over a system, locking users out until a sum of money is paid to the hackers.
It’s possible cybercriminals targeted the hospital in the belief that, considering the important nature of its work, it’d be more likely to pay up. However, there’s been no indication that the facility intends to do that.
