News

Hollywood hospital pays $17K ransom to hackers after computer network attack

Ransomware attacks in the medical sector have been called one of 2016's greatest cybersecurity threats as hackers target life-saving devices for big payouts.

Doctors reverted to pens and paper after hospital taken offline by a ransomware attack

The Hollywood Presbyterian Medical Center hack may be part of a larger trend predicted for this year, in which ransomware is used to target the medical sector – potentially leading hackers to threaten victims with their own lives if they don't pay up. (Hollywood Presbyterian Medical Center/Facebook)

A Los Angeles hospital paid a ransom in bitcoins equivalent to about $17,000 US to hackers who infiltrated and disabled its computer network, the medical centre's chief executive said Wednesday.

It was in the best interest of Hollywood Presbyterian Medical Center to pay the ransom of 40 bitcoins — currently worth $16,664 — after the network infiltration that began Feb. 5, CEO Allen Stefanek said in a statement.

The facility was without access to email, digital patient records and some internet-connected medical devices following a cyberattack that saw hackers take its computer networks clear offline before demanding more than $5 million US in ransom.

NBC LA reports that an "internal emergency" was declared after staff began experiencing "significant IT issues" around Feb. 5.

The network was back in full operation Monday.

"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."

Patient care was not affected by the hack, and there is no evidence any patient data was compromised, Stefanek said.

It did, however, result in emergency room delays, 911 patients being diverted to other hospitals and the need for all registrations and medical records to be written by hand on paper.

Staff members at the private 434-bed hospital spoke to various local news outlets about additional problems caused by the network shutdown. One unnamed doctor who told NBC4 News that departments are "communicating by jammed fax lines" because they have no email access.

The doctor also said that computers used for tasks like lab work transmittal, documentation, sharing of X-rays and CT scans had been taken offline, and that some outpatients missed treatments due to the fallout of the attack.

Patients were told to pick up medical test results in person as opposed to having them delivered electronically, according to BBC News.

This example image shows the kind of encryption notice received by users after hackers use ransomware to take files hostage, then demand a payment in exchange for restored access. (phishme.com)

While Stefanek described the attack as random, he didn't expand on the type of malware being used, how the hospital's system became infected or how much money was being for access to be restored.

Computer forensics expert Eric Robi, whose clients include both the State of California and the U.S. federal government, told FOX 11 Los Angeles that hackers asked Hollywood Presbyterian Medical Center for approximately 9,000 bitcoins (just over $5 million) in relation to a ransomware attack.

Several employees at the hospital echoed this while speaking to NBC4, reportedly saying that "hackers would send back the key codes to restore the system" in exchange for a bitcoin ransom.

"I don't know why they chose a hospital specifically," Robi said. "It's an unfortunate hack, a ransomware hack where they're asking for money in exchange for unlocking records at the hospital."

After working on half a dozen similar attacks against LA businesses over the past year, Robi said that "most of the time it's cheaper to pay the ransom than to pay to fix the problem" — though he did note that this particular ransom was higher than any he'd seen before.

Ransomware, a form of malicious software that seeks out your computer files and locks them until you pay a fee, is not a new problem among individuals and corporations.

A November CBC News investigation discovered that cybercrimes of this nature dupe Canadians out of hundreds of millions of dollars each year.

Two months ago, the RCMP unveiled a new cybercrime strategy aimed at helping local police deal with cases of malware, fraud and similar online threats affecting Canadians from both domestic and global sources — but law enforcement officials can only do so much when it comes to ransomware in particular, as it stands.

At least two U.S. police departments reportedly paid off cyberthieves last year after days of trying to decrypt locked systems, and many victims don't contact the police at all. They'd rather pay out the money then risk losing their files – especially when those files are of an expensive, irreplaceable, or even life-saving nature.

What happened to Hollywood Presbyterian Medical Center may be part of a larger trend predicted for this year by Forrester Research, in which ransomware is being used to target the medical sector.

Forrester's paper, released in November, pegged the primary hacking trend of 2016 as "ransomware for a medical device or wearable," arguing that it would be relatively easy for cybercriminals to target vital health devices and then threaten victims with their own lives for ransom money.

Indeed, many medical devices have been found to have serious cybersecurity flaws.

Motherboard cites a 2013 DHS advisory warning of 300 medical devices with factory-set passwords that cannot be changed by users but can be discovered by anyone online who downloads the device's manual.

"Medical device ransomware would be a modern form of highway robbery with lives at stake," wrote Motherboard of the Forrester prediction. "Chest pains send you into convulsions, then stop abruptly. Is something wrong with your pacemaker? As you pant for breath, a message pops up on your phone. 'Want to keep living? Pay us a ransom now, or you die.'"

The Hollywood Presbyterian Medical Center investigation is ongoing, FBI spokeswoman Ari Dekofsky told Reuters. She declined to release further details.

With files from The Associated Press