Ransomware Attack Holds Hollywood Hospital Records Hostage for $3.6M

The networks of the Hollywood Presbyterian Medical Center have been crippled for over a week now by a ransomware attack. The FBI and the LAPD have been working to identify the source and the severity of the attack but as of this writing, the network and computer-related functions, including CT scans, lab work, pharmaceutical, and documentation needs of the 430-bed Los Angeles hospital remain offline.

HPMC President and CEO Allen Stefanek declared the incident an internal emergency that has significantly impacted emergency room systems, leading to the transfer of affected patients to other hospitals. While there is not yet sufficient evidence to determine whether patient or employee information served as a gateway to the unauthorized access, hospital staff were forced to revert to manually logging registrations and other medical records on paper.

The hospital administration issued a directive for staff and personnel to keep systems and networks shut down to prevent the spread of the compromise while local authorities and cyber forensics teams investigate the incident. According to reports, the irregular activity was spotted at the onset of February but remained undisclosed to the public until investigations had been made.

This is not the first time a medical institution has been targeted by threat actors. Medical data from healthcare service providers and hospitals have proven to be a goldmine for cybercriminals, but past incidents involved data breaches where client records were stolen. Ransomware attacks encrypt data, preventing victims from accessing it unless the ransom demand is paid.


No technical details regarding the attack have been shared, but security and cyber-forensic experts are investigating how the ransomware managed to infiltrate the system. Reports have also indicated that the ransom demand is 9,000 Bitcoin, or $3.6 million, amounting to what's probably the highest known ransom demanded by a ransomware attack to date. The extraordinarily high ransom demand could also indicate that the attacker behind it knows who the victim is, as ransomware usually shows pre-set ransom amounts that rarely reach four digits, or more reasonable amounts that the average individual victim would be willing to pay.


Update: Feb 18, 2016

According to a memo from Allen Stefanek, President & CEO of Hollywood Presbyterian Medical Center, the hospital paid the ransom to decrypt the files held hostage as "the quickest and most efficient way" to restore affected systems and administrative functions. The memo also mentioned that the previously reported amount of 9000 Bitcoins, or $3.4 million, was false. The ransom paid amounted to 40 Bitcoins, or approximately $17,000 (the amount presumably covers all the infected systems).

