Los Angeles hospital, Hollywood Presbyterian Medical Center paid nearly $17,000 in ransom to hackers who breached and disabled its computer network, the hospital said in statement Wednesday.
The attack occurred on Feb. 5, when hackers using malware infected the institution’s computers, preventing hospital staff from being able to communicate from those devices, said Chief Executive Allen Stefanek.
Without access to the hospital’s computer systems, doctors and nurses were forced to communicate by fax or in person. Medical records that show patient’s treatment history were inaccessible, and the results of X-rays, CT scans, and other medical tests weren’t easily shared. Some patients had to drive to area medical centers to pick up medical test results in person. New records and patient information was recorded on paper, and some patients were transferred to other hospitals, according to an NBC affiliate.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek said. “In the best interest of restoring normal operations, we did this.”
The hacker demanded 40 bitcoin, the equivalent to about $17,000.
Stefanek said by Feb. 15, the hospital’s computer system was fully restored. The statement also said that the infiltration “did not affect the delivery and quality” of the hospital’s care, and there is “no evidence at this time that any patient or employee information was subject to authorized access.”
The LA Times reports that since 2010, at least 158 institutions, including medical providers, insurers and hospitals, have reported being hacked or having information technology issues that compromised patient records.
While ransom attacks are still relatively rare, cyberattacks on hospitals are on the rise as hackers in recent years pursue personal information they can use for fraud schemes. Last July, hacker may have accessed as many 4.5 million patient records in UCLA Health System’s computer network.
Independent cyber security expert, Graham Cluley tells Newsweek that the ransom payout will only lead to further proliferation of cyber attacks on critical infrastructure, “Paying up is definitely not a good thing to do in my opinion. But if an organization has failed to keep properly secured backups I can understand how they might feel they have no alternative.”
Cluley adds that one way of protecting against these types of ransom demands is to make sure data is securely backed up, otherwise they risk facing a “business ending event.”
These attacks don’t seem to be going away anytime soon; each successful attack leads to more dangerous versions of malware to be developed according to experts.
The FBI is currently investing the HPMC cyber attack.