Hospital pays ransom to regain control of its data
It’s the price of accessing their own data.
That’s what executives at Hollywood Presbyterian Medical Center say they were forced to do following a Feb. 5 cyberattack that disabled the facility’s computer network.
On Wednesday, CEO Allen Stefanek issued a statement that the hospital paid the equivalent of $17,000 in bitcoins to hackers who used malware to crash the network. It said, in part:
The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.
Law enforcement and IT professionals seem divided on whether organizations should pay ransom in these situations. However, a post on Healthcare-Informatics.com reminds those in health care that most security breaches are preventable:
We all know that health care IT leaders are working very hard to try to ensure data security and cybersecurity, but the reality is that the dangers are becoming more menacing all the time now, not less. And independent community hospitals like Hollywood Presbyterian are particularly vulnerable with regard to the kinds of human and capital resources available to master these ever-intensifying issues.
Writer Mark Hagland said the issues are becoming apparent “in every sphere of patient care organization activity.” The threats, he said, are coming from:
Phishing scams that get unsuspecting staff members to open infected emails
Straight-out hacks by crime syndicates
Hostile foreign governments
Cyberattacks against medical devices that are connected to EHRs and other clinical information
A post on Computerworld.com offered a few snarky insights, including this one:
It appears the hospital failed with its disaster recovery (DR). Looks like it either didn’t have backups, or the restore failed… Oopsy daisy, hashtag-fail, oh noes, etcetera. In IT Blogwatch, bloggers see a lesson for all of us: Backups aren’t backups unless you can restore them!