The Hollywood Presbyterian Medical Center in Los Angeles has announced that it paid hackers 40 bitcoins ($17,000 USD). The criminals had used malicious software to encrypt the hospital’s records, and held the key to decrypt the files for ransom.
The hospital was infected with the software, commonly called “ransomware,” on Feb. 5. Presumably, someone on the hospital network opened an email attachment or clicked a link they shouldn’t have. From there, a message typically appears on the infected computers, demanding payment to restore access. There’s usually a deadline.
Once infected, the hospital reportedly had to send some patients to other hospitals, and go back to paper to process visits.
A ransomware attack at this scale, which could potentially put lives at risk, has so far been uncommon. The targets have largely been individuals and small organizations, and the payments demanded are usually under $1,000. And the Federal Bureau of Investigation, at least according to one agent, often advises victims to just pay the ransom if they want their files back.
Indeed, this was the case for Hollywood Presbyterian. The hospital’s CEO said in a statement Wednesday night (Feb. 18) that paying the criminals was “the quickest and most efficient way to restore our systems and administrative functions.”
And now, everything is back to normal. “HPMC has restored its electronic medical record system (“EMR”) on Monday, February 15th,” the CEO said in the statement. “All systems currently in use were cleared of the malware and thoroughly tested.”