UPDATE: Hollywood Presbyterian Medical Center paid hackers a 40 bitcoin ransom, equivalent to $17,000, to regain control of their systems, according to the hospital's CEO Allen Stefanek, the Los Angeles Times reported.
At one time, a local consultant said hackers were asking for the bitcoin equivalent of $3.6 million.
On Feb. 5, hackers used malware to encrypt files and lock the hospital out of its IT systems, forcing personnel to resort to pen, paper and fax machines to communicate and keep records while taking care of patients. Stefanek said, paying the ransom was the best way to return to normal operations, restoring both systems and administrative functions, the Times reported.
The hospital paid the ransom before asking law enforcement for help, according to the Times.
With the help of experts, the hospital restored computer systems on Monday. Stefanek said neither hospital records or patient care was compromised during the attack.
- A Southern California hospital declared an "internal emergency" after a cyberattack locked it out of its IT system, with attackers holding access for a ransom.
- Systems at Hollywood Presbyterian Medical Center have been down for about a week, with staff losing email and access to some patient data. Some patients were transferred to other hospitals for treatment, and the staff has had to rely on fax machines and telephones to get work done.
- Both the Los Angeles police and the FBI are working to identify the hackers who used ransomware to attack the network. A local computer consultant said the demanded ransom was for about 9,000 bitcoins, or roughly $3.6 million, according to a CSO report.
The medical center has been forced to log patient registrations and medical records on paper as they were asked to keep their systems offline. The attack delayed everything from lab work to CT scans as the hospital cannot risk further harm from the breach.
Attacks like these are one of the reasons why President Barack Obama’s administration is looking to invest $19 billion in cybersecurity in the coming year. Though past breaches like the one at Office of Personnel Management last year, which exposed the records of 21.5 million people, cause harm, attacks on infrastructure can be immediately life threatening.
One security expert said it is easy to compromise medical networks because of unprotected Wi-Fi and "universal poor security," according to ZDNet. The level of threat and potential harm from this attack is akin to last year’s attack on the Ukrainian utility grid, where hackers caused a blackout for a number of hours.
It is not yet known whether hackers took patient or employee data, so officials cannot confirm whether ransomware was the main reason for the attack, according to ZDNet.