Hollywood Presbyterian Medical Center Pays Off Hackers With Bitcoin, As Ransomware Is On Rise In Healthcare Industry
Hollywood Presbyterian Medical Center paid hackers 40 bitcoins, currently worth about $17,000, following a Feb. 5 cyberattack which shut down its computers, CEO Allen Stefanek reported. Ransomware is a digital fraud scheme where hackers lock a computer system by encrypting all the files — this essentially holds the data “hostage” — and then demand a ransom in exchange for a decryption key to unlock the files.
According to Stefanek, HPMC paid the ransom “in the best interest of restoring normal operations,” and saw its electronic medical record system reappear on Monday, Feb. 15. After clearing the malware, the systems were thoroughly tested and brought back online.
“Patient care has not been compromised in any way,” Stefanek said in a statement. “Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access.”
The FBI is investigating the case, Stafanek said, while the hospital continues to work with security experts. HPMC is an 434-bed facility with more than 500 physicians.
The Threat of Ransomware
Between April 2014 and June 2015, the FBI’s Internet Crime Complaint Center (IC3) received 992 complaints related to CryptoWall, the most popular ransomware currently in use. Victims reported losing a total of more than $18 million.
According to the FBI, digital financial fraud schemes target both individuals and businesses and are usually “very successful.” The ransomware problem begins when a victim visits an infected website or clicks on an infected email, ad, or attachment. Once a computer or system is infected, the victim’s files become encrypted. The FBI says most of the time the victim will regain access to encrypted files after paying ransom, usually delivered in Bitcoin, which is fast, publicly available, and provides a sense of heightened anonymity.
In a 60 Minutes interview, FBI Director James Comey called the Internet, “the most dangerous parking lot imaginable,” and warned people to be aware of compromised sites, emails, and other threats.
Last year, Anthem Inc., one of the top health insurers in the United States, disclosed a massive breach of its database, following a similar breach at Community Health Systems. Prior to these events, cybercriminals were more likely to target banks and retailers, according to experts speaking to Reuters; however, as financial companies bumped up their security, hackers turned to the less-secure medical and healthcare sector.
An Intel Security report predicts healthcare records, billing, and prescription management systems along with transportation control systems (including cars, trains, and planes), will soon become the focus of stealth ransomware attacks. As Essential Health revealed, security flaws are real.
According to Norton Cybersecurity Insights Report, 594 million people worldwide were victims of online crime last year. The FBI advises you take four steps:
- Always use antivirus software and a firewall and update when necessary.
- Block popups.
- Don’t click on unrecognized emails or attachments and avoid suspicious websites.
- Back up the content on your computer so that ransomware scams have limited impact on you. (If you are targeted, you can simply wipe your system clean and reload files.)
These steps cannot prevent you from being affected if criminal activity touches your healthcare provider, but you will have done your best to protect your home.