Cyberattack Paralyzed U.S Hospital

Uploaded on 2016-02-29 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Doctors have been locked out of patient records for more than a week by hackers who are demanding money to release the data.   A hospital in Los Angeles has been operating without access to email or electronic health records for more than a week, after hackers took over its computer systems and demanded millions of dollars in ransom to return it.

The hackers that broke into the Hollywood Presbyterian Medical Center’s servers are asking for $3.6 million in Bitcoin.  The hospital’s staff is working with investigators from the Los Angeles Police Department and the FBI to find the intruders’ identities.

Meanwhile, without access to the hospital’s computer systems, doctors and nurses are communicating by fax or in person. Medical records that show patients’ treatment history are inaccessible, and the results of X-rays, CT scans, and other medical tests can’t easily be shared. New records and patient-registration information are being recorded on paper, and some patients have been transferred to other hospitals.

A recording on a media-relations phone line at the hospital said that “patient care has not been compromised” after the cyberattack, but a spokesperson was unavailable for further comment.

The fact that hackers were able to encrypt patient records doesn’t necessarily mean they gained access to those files, but the goal of this type of cyberattack isn’t to get to patient information; it’s to make sure that the hospital can’t get to it, either. Viruses and malware that take over a server or a computer and demand money to return it are known as ransomware. The tactic has spread in popularity in recent years, as hackers take advantage of the increase in networked devices, gadgets, and servers.

When a number of small police departments in Massachusetts, Tennessee, and New Hampshire were hit with separate ransomware attacks, all three paid between $500 and $750 to get their data back.

Alan Stefanek, the CEO and president of Hollywood Presbyterian, told NBC reporters that the cyberattack on his hospital was “random” and not malicious. If that’s the case, then it’s possible someone at the facility clicked on an infected link in an email or a pop-up ad and introduced a virus onto the hospital network.

When a ransom-seeking virus infects a computer or server, it starts by encrypting the contents of the device. Using publicly available encryption methods, an attacker can lock up the contents of a device so effectively that even the FBI has given up on decryption efforts in the past. The attacker then offers the key to the victim’s now-encrypted files back to the user—for a price. The average ransom demand is just $300, but if a hacker knows they’ve bested a wealthy organization desperate for its data back, they’re likely to dream much bigger.

If the hospital chooses to pay the ransom, or negotiate terms for the release of its data, it will not be the first health-and-safety organization to do so. When a number of small police departments in Massachusetts, Tennessee, and New Hampshire were hit with separate ransomware attacks, all three paid between $500 and $750 to get their data back.

Those departments paid because the data they’d lost was essential, and federal law-enforcement attempts to defeat the ransomware were unsuccessful. Hollywood Presbyterian patient-record history and email archives are likely just as indispensable, but the reported seven-digit asking price dwarfs the $500 hackers got from the police departments.
While it’s unlikely that the facility will pay millions of dollars to restore its databases and systems, it’s in desperate straits without a backup of its patient files. Unless law enforcement can break the encryption keeping the data hostage, the hospital may be forced to start from scratch.

The Atlantic:

« PWC On The Hunt For 1,000 Data Scientists
Retailers Are Hardest Hit by Malware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ODVA

ODVA

ODVA is a global trade and standards development organization whose members comprise the world’s leading industrial automation companies.

Malware Patrol

Malware Patrol

Malware Patrol provides intelligent threat data that protects against cyber attacks.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

Omada

Omada

Omada is a leading provider of IT security solutions and services for identity management and access governance.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Quest Software

Quest Software

Simple IT management for a complex world. Whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps you solve complex problems with simple solutions.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

Cyber Legion

Cyber Legion

Cyber Legion Ltd is a UK-based Cyber Security as a Service (CSaaS) start-up that provides IT security testing services to various organizations around the globe.

Oxeye

Oxeye

Oxeye fills the gap between cloud and code to show exploitable vulnerabilities, and their path from API to code. More visibility. Less noise. More time to build.

Alset Technologies

Alset Technologies

Alset Technologies provides DASH - a comprehensive solution to DISA STIG (Security Technical Implementation Guide) compliance.

Emircom

Emircom

Emircom is one of the Middle East's leading independent providers of IT infrastructure services, helping clients to drive growth and deliver measurable outcomes.

Pango

Pango

Pango is a leading provider of digital consumer security solutions.

Dev Information Technology (Dev IT)

Dev Information Technology (Dev IT)

Dev IT delivers digital transformation and end-to-end information technology services.