Skip to main content

Hollywood hospital pays $17,000 to ransomware hackers

hollywood hospital ransomware attack presbyterian medical center
Hollywood Presbyterian Medical Center in Los Angeles, California. Image used with permission by copyright holder
A Hollywood hospital whose computer systems were locked up by ransomware earlier this month (original story below) has paid $17,000 in bitcoins to regain access to its data. It’s believed the hackers had originally demanded $3.4 million from the Hollywood Presbyterian Medical Center in Los Angeles, but the hospital said Wednesday that any reports suggesting it paid that amount are false.

Commenting on the decision to hand over $17,000, Allen Stefanek, president of the medical center, said in a release, “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Stefanek said the hospital’s electronic medical records system was restored at the start of this week, adding that it was now working with a team of experts “to understand more about this event.”

The attack occurred on February 5, and while it caused serious disruption for several weeks, the hospital insists there’s no evidence to suggest patients’ medical records were accessed by the hackers at any point.

The FBI is investigating the incident.

Original story published on February 16, 2016:

Ransomware is always going to present a major headache for any victim, but when a hospital is at the center of an attack, the matter suddenly appears more threatening, with the stakes potentially a whole lot higher.

Take the Hollywood Presbyterian Medical Center in Los Angeles. Its computer systems have been offline for more than a week following a ransomware attack, with hackers reportedly demanding a $3.4 million payment to restore access, CSO reported Monday.

Staff are understandably having a hard time coping, with procedures such as CT scans unable to be carried out. In some cases, patients are being ferried to nearby medical facilities for treatment.

The ongoing incident also means hospital workers are unable to gain access to important documents, patient data, and emails. Instead, staff have had to step back in time, firing up fax machines and making more use of pens and paper to keep track of work at the facility.

The hospital has confirmed the attack, and says that so far it has no evidence to suggest patients’ medical records have been accessed by the hackers, the BBC reported.

The FBI and LAPD are now examining the incident, but with the ransom unpaid and the investigation ongoing, those working at the facility have been told to keep off their computers until further notice. The hospital hasn’t said publicly how it’s dealing with the situation, or revealed what kind of data backup systems it has in place.

It’s not clear how the hospital’s computer systems were infected with the ransomware, but it may have been a simple case of a member of staff clicking on a malicious link or attachment in an email. Such action would then have opened the way for the malware to automatically take over a system, locking users out until a sum of money is paid to the hackers.

It’s possible cybercriminals targeted the hospital in the belief that, considering the important nature of its work, it’d be more likely to pay up. However, there’s been no indication that the facility intends to do that.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Ransomware victims are refusing to pay — but is it working?
A depiction of a hacked computer sitting in an office full of PCs.

A new report has highlighted how ransomware payments to hackers have begun to slow down, with victims continuously opting to not cave in to demands.

Coveware, a company that provides ransomware decryption services, revealed some interesting analytics relating to the state of ransomware during the second quarter of 2022.

Read more
This anti-hacker group helps you escape ransomware for free
A depiction of a hacked computer sitting in an office full of PCs.

This week marks the sixth anniversary of the No More Ransom project, an initiative aimed at helping ransomware victims.

Operating as an online platform to help anyone who’s experiencing trouble after their system has been infected by some form of ransomware, No More Ransom was formed as a joint venture between law enforcement (Europol and the Dutch National Police) alongside IT security firms (Kaspersky and McAfee).

Read more
This researcher just beat ransomware gangs at their own game
A digital depiction of a laptop being hacked by a hacker.

A security researcher has discovered key flaws pertaining to popular ransomware and malware -- a state of affairs that could lead to their creators entirely rethinking the approach to infiltrate potential victims.

Currently, among the most active ransomware-based groups are the likes of Conti, REvil, Black Basta, LockBit, and AvosLocker. However, as reported by Bleeping Computer, the malware developed by these cyber gangs has been found to come with crucial security vulnerabilities.

Read more