Hollywood Presbyterian Medical Center revealed on Wednesday that is was the victim of a cyber incident resulting in the hospital paying a cyber-ransom of $17,000 in Bitcoins. On February 5th hackers used malware that locks systems by encrypting files to infect the hospital’s computer systems, including the electronic medical record system, preventing hospital staff from communicating with those systems. The hackers refused to return control of the hospital systems unless the requested ransom was paid.
Law enforcement was immediately notified in this situation and computer experts were engaged to attempt to regain control of the systems. Ultimately, CEO Allen Stefanek stated that “[t]he quickest and most effective way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.” Computer systems were restored on February 15th and the hospital reports that patient care was not compromised as a result of this attack. The hospital maintains that there is no evidence that patient records were stolen as a result of this event.
Events involving cyber-ransom have become more common and are likely to increase significantly in the future. The health care industry and those serving the industry have been victims of increased breach incidents and cyber-ransom events may be the next wave of attacks on the industry. Companies should ensure that systems are adequately protected against these attacks and that procedures are in place to respond to cyber attacks.