Hospital Held Ransom by Cyber Criminals
On February 5, 2016, Hollywood Presbyterian Medical Centre in Los Angeles was hacked and fell victim to a ransomware attack. The computer systems have been offline for over a week and a half, and according to the hackers will not come back online until they receive a ransom payment of 9,000 in Bitcoin currency, equivalent to $3.4 million USD.
Because there are so many medical forms and procedures that are recorded and performed using the system, it has understandably been frustrating for the staff at the medical centre. This continuing incident means that staff are unable to access to documents such as patient data or emails. As a result, all registration and additions to medical records need to be inputted by hand with pen and paper.
While the hospital reports that patient care has not been compromised or affected, patients are still feeling an impact. All ambulances have been diverted from the hospital and patients awaiting results will have to keep waiting as most documents are sent and received electronically to the hospital. Some patients who require procedures like CT scans are being transferred to nearby hospitals to receive the care they need but there’s only so much that the surrounding hospitals can do to help. According to The Medical Quack, a health care blog, the hospitals Radiation and Oncology departments, which are computer-reliant, are completely shut down.
The hospital has released little information about the attack, however, there has been confirmed reports that the FBI and LAPD are investigating with the help of a cyber forensic team, who are examining the systems to get it back online as quickly as possible. While it’s not yet public how the hospital’s computer systems were infected with this ransomware, it could have been as simple as a staff member clicking on a malicious link or an attachment in an email. This action may have allowed the malware to take control of the system, locking all users out until the ransom money has been paid to the hackers. Until the situation is resolved, all staff members have been forbidden to log on or use the system to avoid any further implications of the hack.
According to Allen Stefanek the hospital’s President and CEO, who spoke to NBC, there is no evidence that health data has been compromised in this ransom attack. While whether or not the hospital will pay the hackers is uncertain, the choice is obviously a difficult one. In October of 2015, the FBI stirred the proverbial pot when they advised victims of ransomware “just to pay the ransom”. By paying the hackers, the hospital is able to start back up with all their day to day operations and attend to their number one priority, patients. Although this option does not guarantee the hackers will not attack again, and the hospital would be directly funding criminal activity.
No matter what happens, the Hollywood Presbyterian Medical Centre is hoping to get their systems back online as soon as possible to regain access to records and their patients. We urge everyone to get educated! The best way to prevent these attacks is actually quite simple … security awareness training. As we have previously blogged, an untrained employee is your biggest security threat. Getting this training in will be vital to the safety of your organization because whether a cyber-attack is directed at data theft or monetary theft, the best offense is a good defense!
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.