Hollywood Presbyterian Medical Center was recently forced to pay $17,000 to hackers via bitcoin in order to see its electronic medical records returned following a malware attack.
Hospital put records online, blame Obama?
“To improve the quality of our health care while lowering its cost, we will make the immediate investments necessary to ensure that, within five years, all of America’s medical records are computerized,” said President Obama in 2009. “This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests.”
While computerizing medical records is a noble and good idea, it still requires security, as Allen Stefanek, president and chief executive of Hollywood Presbyterian Medical Center, lamented yesterday.
“On the evening of February 5th, our staff noticed issues accessing the hospital’s computer network,” he wrote. “Our IT department began an immediate investigation and determined we had been subject to a malware attack. The malware locked access to certain computer systems and prevented us from sharing communications electronically.”
While that wouldn’t necessarily have been a problem a decade ago, this hospital and others are crippled when all of their information is stored electronically and becomes inaccessible.
Hospital pays the Bitcoin ransom
Shortly after the hospital’s system was breached, the hospital was contacted by the hackers and the decision to pay about $17,000 in bitcoins was made to restore the system quickly.
“The reports of the hospital paying 9000 Bitcoins or $3.4 million are false,” said Stefanek. “The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000.”
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek’s statement said. “In the best interest of restoring normal operations, we did this.”
According to security experts, this is becoming the preferred means of handling these affairs, especially when a very “reasonable” amount of ransom is requested. And being a hospital in the United States, it will simply pass these costs on to patients.
Perhaps the biggest surprise in this story is the hospital’s willingness to make the payment public; many of these attacks simply go unannounced for obvious reasons.
Because the hospital went public, the FBI and LAPD are investigating the matter.