Hollywood Hospital Gives in to Hacker’s Ransom Demand

hollywood hospital hacker ransom demand 40 bitcoins
Share the knowledge

If you ever wondered just who gives in to ransom demands from hackers (which experts always agree one should never do), well, the answer today is Hollywood Presbyterian Medical Center hospital. And to the tune of $17,000 (in the form of 40 bitcoins).

According to the LA Times, which broke the story today, Hollywood Pres paid the ransom after the hacker locked up the Hollywood Presbyterian hospital’s entire computer system.

The hacker first seized control of the hospital’s computer systems back nearly two weeks ago, and while at this point both the LAPD and the FBI are involved in the investigation, the hospital had already paid the ransom before reaching out to either law enforcement agency.

It is unusual for a medical facility to be targeted in this way (versus, say, having their data stolen), and while it may not be relevant (or it may be), Hollywood Presbyterian is owned by a South Korean company, CHC.

While the FBI has actually gone on record as saying that if a hacker locks up your data and demands a ransom you should just pay it, security experts (including us) say that you should never give in to a ransom demand from a hacker.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Said security expert Kevin Haley, director of Security Response at Symantec, when asked by NBC News if one should ever pay a ransom demand from a hacker, “Absolutely not. You are likely never to get your files back. On the positive side, if none of us paid the ransom, these guys would go out of business.”

But even more important is how to harden your system so that you can’t be subject to a ransom demand or, if you are, it doesn’t really matter.

This means making regular backups, being careful to never click links or open attachments if you aren’t 100% sure of the sender (as that is how the malicious ransomware gets installed), and, if you are an organization for whom your computer system is mission critical (like, oh, say, a hospital), it’s worth even having a second fail-over system so that you can readily switch to the backup system if your primary system has something go horribly wrong (like, oh, say being held for ransom).

But never, ever pay the criminal.

In explaining why they did pay the criminal, Hollywood Pres’ CEO put out this statement [Page no longer available – we have linked to the archive.org version instead] yesterday:

February 17, 2016

I am writing to talk to you about the recent cyber incident which temporarily affected the operation of our enterprise-wide hospital information system.

It is important to note that this incident did not affect the delivery and quality of the excellent patient care you expect and receive from Hollywood Presbyterian Medical Center (“HPMC”). Patient care has not been compromised in any way. Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access.

On the evening of February 5th, our staff noticed issues accessing the hospital’s computer network. Our IT department began an immediate investigation and determined we had been subject to a malware attack. The malware locked access to certain computer systems and prevented us from sharing communications electronically. Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online.

The reports of the hospital paying 9000 Bitcoins or $3.4 million are false. The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000. The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.

[ED NOTE: And what if after paying the ransom the hacker still had not decrypted it? Ransom hacker’s aren’t really known for their reliability and upstanding moral characthers.]

HPMC has restored its electronic medical record system (“EMR”) on Monday, February 15th. All clinical operations are utilizing the EMR system. All systems currently in use were cleared of the malware and thoroughly tested. We continue to work with our team of experts to understand more about this event.

I am very proud of the dedication and hard work of our staff who have maintained the highest level of service, compassion and quality of care to our patients throughout this process. I am also thankful for the efforts of the technical staff as the EMR systems were restored, and their continued efforts as other systems are brought back online.

And of course, I want to thank our patients and community for their continued trust in Hollywood Presbyterian Medical Center.

Thank you,
Allen Stefanek, President & CEO
Hollywood Presbyterian Medical Center

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.