eugenesergeev - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Ransomware attack causes internal emergency at Hollywood hospital

The FBI, along with the LAPD, began investigating a ransomware attack at a Hollywood hospital that has crippled the facility's operations and could cost millions.

The Hollywood Presbyterian Medical Center was hit by a ransomware attack that has caused untold damage for the facility and its patients. The FBI and Los Angeles Police Department have been called in to investigate.

The attack reportedly shut down the Hollywood hospital's computer system on Feb. 5. Hospital President and CEO Allen Stefanek told NBC Los Angeles the staff began noticing "significant IT issues and declared an internal emergency."

Although Stefanek claimed patient care was not affected by the ransomware attack, he admitted patients have been diverted to other hospitals. Additionally, an unnamed doctor at the hospital said the computers affected were essential for documenting patient care and the transmission of lab work, X-rays and CT scans. The attack left stored medical records for past patients inaccessible, and some outpatients did not receive treatment as a result of the attack.

Several staff members at the Hollywood hospital have confirmed the ransomware attack, and claimed the hackers are asking for 9,000 bitcoins -- approximately $3.6 million at current exchange rates -- in exchange for the encryption keys to restore the system. It is unknown what variant of ransomware was used.

Stefanek claimed the attack was random and was not malicious, and the FBI and LAPD have begun investigating. It is still unknown if any personally identifiable information or other sensitive patient data was stolen in the attack.

It is also unclear what kind of data backups were being used by the Hollywood hospital. Many experts agreed using encrypted, cloud-based storage to back up sensitive data can significantly mitigate the risks of ransomware attacks. Beyond that, experts often suggest enterprises be more vigilant in educating employees about potential risks, because many bigger issues begin with smaller attacks, such as phishing.

Tim Erlin, director of IT security and risk strategy for Tripwire Inc., based in Portland, Ore., agreed this was likely the case.

"The attack was random in the sense that the attackers were not specifically targeting this hospital," Erlin said. "A targeted attack includes specific tactics and objectives that pertain to an organization or individual. Ransomware is not a new tool for attackers. Its objective is to encrypt valuable data, and then require a ransom for the decryption key. This type of attack works for any organization that has sensitive data -- from hospitals and police stations to the average consumer."

"We're talking about cybersafety, not just cybersecurity. The average consumer may not realize how vitally important effective electronic communication is for a hospital. Disruption of that communication slows treatment and creates real risk to human life," Erlin said. "An attacker can significantly impact a hospital's ability to deliver care without directly attacking medical devices themselves. Hospitals should include these kinds of cyberattacks in their disaster recovery plans."

Next Steps

Learn how to avoid being affected by ransomware.

Learn the difference between extortionware and ransomware.

What can your organization can learn from the Community Health Systems breach?

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Does your company routinely back up data to mitigate the damage from a ransomware attack?
With health care out of control I'm not shocked at this. If you take control of a hospitals data they cannot bill patients or treat them properly. I could see potential lawsuits if the wrong care or medications were given. Leaving the hospital in this situation they have to be very cautious on how they proceed.  This wont be the last time we hear a story like this..As more things become internet connected, that means more possible points of a data breach or attack.

I'm puzzled how something demanding $3.6 million, or even just being ransomware, isn't "malicious"...what next, bank robbers not malicious if they don't wear masks or just happen to realize they're in a bank while armed? But this does point out the dearth of available scalable antimalware capable of handling next gen polymorphic malware, beyond all too frequent general lapses in attention to network security. Hope they can contain this issue without recourse to paying ransom.
There have been several similar ransomware attacks against hospitals in Germany recently. So these attacks are somewhat likely to be targeted. Hospitals seem to be easy targets, typically being less focused on IT security and having high visibility to the general public. So hospitals might be more likely to pay ransom ...
One of our VP's was recently hit with CryptoWall 3.0 that encrypted her local files, an external hard drive, and server shares. The server shares were backed up, but local files were not. At her behest, I secured the bitcoin ransom (~$700), paid it, and recovered all of her files. I set her up on an automatic cloud backup of her laptop's personal folders to mitigate any similar attacks in the future. When it comes to external hard drives, those need to be backed up to.
Come on people. If the business has critical systems and data, make the investment and protect yourselves better. Active layered defense is the only play against cybercriminals.
Invest more into security - sounds great, but in many cases does not pass the reality test. The kind of active layered defense needed to reliably protect today's mainstream IT infrastructure against advanced malware is not economically feasible in most cases - and extremely difficult to achieve too. Even government agencies do have trouble to keep their systems clean. Hospitals do have other priorities than chasing intruders and can't afford a team of highly specialized and highly payed security experts to closely Monitor around the clock what hostile activities might have been launched within their network. It might even be new to them that AV software does not work any longer - at least against advanced malware ...
Just heard they paid the ransom. Approx $17,000 U.S. Broadcasting that it was paid may just make the hacker(s) attempt another site or encourage others to try it. They could have just said the problem had been resolved. It's nice we are made aware of a situation if our data is in jeopardy but don't broadcast the fact the hackers won.
Partly agree. However, hiding the ugly reality does not not cure the disease.

We ought to be honest enough to concede that the currently prevailing mainstream IT can't be reliably protected. We need some more robust IT infrastructure - which for instance would be designed to prevent buffer overflow attacks ...

Muddling along in the same way we do since many years just won't get us any significant improvement. We need a change of paradigm.