Los Angeles Hospital Network Being Held By Ransomware
Hollywood Presbyterian Medical Center in Los Angeles has been facing an ongoing ransomware attack for over a week. On February 5th, intruders took control of the hospital’s network and are demanding 9,000 Bitcoin, about $3.6 million, to unlock it. Cybersecurity experts with the FBI and Los Angeles Police Department have been investigating since Friday, saying that the attack was not designed to steal sensitive information.
Last Friday, a Los Angeles NBC affiliate first reported the attack, which is affecting the hospital’s computer systems. Allen Stefanek, president and CEO of the hospital, issued a brief statement about the attack, saying only that it was random and not directed at the hospital for any specific reason. The media-relations phone number at the hospital plays a recorded message that reiterates that patient data was not compromised.
Ransomware takes control of a victim’s computer or data and demands payment for control to be removed. Sophisticated ransomware programs are able to encrypt all of the user’s data. The attacker then asks for payment in exchange for the decryption key, which is known only to them. Hackers often use coercive force to get the victim to pay quickly, saying that the price will double or the key will be destroyed after a certain amount of time. To avoid leaving traceable information, payment is usually required via online services, like MoneyPak or Bitcoin; you’ll hear certain ransomware programs are referred to as “MoneyPak” viruses.
Effects on Patients
Stefanek told NBC4 that the hack has not impacted patient care, but some patients have been transported to other area hospitals. For employees, the breach has forced them to hand write documentation and patient information. Patients requiring tests that rely on the hospital’s network have to drive elsewhere for testing. However, considering the disaster that a cyberattack on a hospital could be, the effects here are relatively mild.
While $3.6 million is a hefty sum that the hospital is probably not going to pay, they’ll face a massive headache if they don’t have complete and recent backups. If they do decide to pay up, however, the door could swing wide open for copycat attackers looking to attack targets of similar size who rely on their digital data to operate.