Hackers take hospital network down, hold it for ransom

By March 28, 2016 Uncategorized

You may have seen in the news last month that a hospital fell victim to a cyberattack. The Hollywood Presbyterian Medical Center was in a state of emergency after ransomware infected their network and held it for ransom.

The attack compromised the hospital’s functionality and the staff was unable to access patient records such as x-rays, lab reports, MRI results, etc. They even had to transfer some existing patients and turn new ones away. According to NBC, the situation got so bad that in order to keep up their day-to-day operations, the staff had to turn to manual documentation—using pen and paper, as well as telephone and fax, to keep up communications. This slowed hospital operations to a crawl, which was a terrifying experience, not only for the hospital staff, but also for the patients and families who were in the hospital’s care. It is believed that the patients’ medical records were not tampered with or stolen, but that the cybercriminals solely sought to make a financial gain from ransoming the hospital’s systems.

As shown in other recent newsletter articles, ransomware has become an increasingly popular method for hackers to use. It works in a costly three-step process: (1) It grants access to a computer network through malicious software downloads or links, (2) It encrypts the contents of infected devices on the network, (3) It empowers the hacker to offer the encryption key, which grants access back to the encrypted files—if the victim pays a fee. While this type of attack usually tends to hold a ransom of a few hundred dollars, the price tends to rise when the hackers are dealing with valuable files for wealthy individuals or organizations.

The hospital’s ransom was originally reported to be 9,000 bitcoin (over $3 million), but that was later dispelled. The ransom ended up being 40 bitcoins or $17,000, which is still much higher than your average ransomware attack. After being crippled for over a week and losing untold business by turning away and transferring patients, the hospital did pay the $17,000 ransom to recover their files. The worst part is not even the $17,000 ransom, but the lost income and expenses from being down for so long.

If you are concerned about the possibility of something like this happening to you, we are here to help. You may be eligible for a complimentary risk assessment from SWK Technologies. This assessment may uncover current data-security or compliance issues—before they become an issue. It also identifies potential cost savings. Contact us for more information.