Hospital Pays Hackers’ Ransom Demands

hackers ransom.jpg

It may seem like the plot of a Hollywood movie, but a hospital in Los Angeles gave in to the demands of a group of hackers who held their entire computer network system hostage.

The victim of a growing threat known as “ransomware,” Hollywood Presbyterian Medical Center agreed to pay hackers who laid siege to their facility the cyber sum of 40 Bitcoins—which equals about $17,000 in actual currency. Bitcoins are becoming the preferred way for hackers to collect ransom because the online currency is difficult to trace.

The decision to give in to the cyber terrorists came from Allen Stefanek, the care-facility’s CEO, who said, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key…. In the best interest of restoring normal operations, we did this.”

Stefanek went on to say that patient care was not affected by the attack nor was there any evidence of a patient’s data being compromised.

This is not the first time something like that has happened to a company, but it is an uncommon show of transparency, especially for a hospital—many of which are known for keeping internal troubles secret from the public.

According to cyber security firms across the globe, the hacking tactic against both individuals and institutions is growing fast—however, how fast, is a difficult thing to determine. With so many feeling pressured or embarrassed by their security weaknesses, not every crime is reported, so no one can really know how many others have actually given in to ransom demands.

Adam Kujawa, Head of Malware Intelligence for Malwarebytes—which recently released its own anti-ransomware software—said that “Unfortunately, a lot of companies don’t tell anybody if they had fallen victim to ransomware and especially if they have paid the criminals.” The head of the San Jose-based company went on to say that, “I know from the experiences I hear about from various industry professionals that it’s a pretty common practice to just hand over the cash.”

As with regular, “good ol’ fashioned terrorism”—where negotiators and heads of state say “We don’t negotiate with terrorists”—cyber security experts recommend that companies take the same stance. But sometimes, there are special circumstances. The case with Hollywood Presbyterian Medical Center seems to be just that. After all, hundreds to thousands of lives could literally be at stake. Details are limited, but the ransomeware attack is being investigated by the FBI.

Hack attacks are really on the rise. According to a 2014 report by antivirus maker, Symantec, the number of attacks in 2013 rose each month from 100,000 in January to 600,000 in December. And that number is expected to rise even more according to a report from Intel Corp’s McAfee Labs.

As to who was behind the attack on Hollywood Presbyterian is anyone’s guess at the moment. Neither law enforcement nor the care facility have released any specifics about the case or who might be involved.