A Los-Angeles-based hospital has paid an unknown hacker $17,000 in the digital currency Bitcoin after its computer system was seized.
The Presbyterian Medical Center said its computer network was “seized” by a hacker, locking out its staff from accessing and using the system until a ransom was paid. The attack occurred on February 5, during which malicious software was installed on the healthcare facility's computers. Once installed, the malware spread throughout the network, giving near-full control to the hacker. In a statement to the press, the Presbyterian Medical Center's Chief Executive explained that the malware encrypted its files. And before workers could access the system again, they were forced to pay a ransom of $17,000 to obtain the decryption key.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” said Chief Executive Allen Stefanek in a statement. “In the best interest of restoring normal operations, we did this.”
So, were patients records compromised during this attack? According to the facility's spokesperson, neither patient nor hospital records were retrieved by unauthorized individuals. Assuming this is true, the hospital may have dodged a bullet in regards to HIPAA. If patient records were comprised, the hospital could be fined or subject to other corrective actions for HIPAA violations.
In the wake of this attack, the hospital said it has gone back to pen and paper for keeping records. Of course, it's doubtful this format will remain in place, as digital records are exponentially more efficient and convenient, especially when dealing with thousands of patients and their respective healthcare information.
This incident just goes to show the importance of maintaining a secure network in the healthcare and services industry. Far too many doctors and medical practitioners believe they are safe from cyber attacks, assuming it only happens to retail stores and banks. However, there's been a growing trend surrounding cyber attacks in healthcare, as hackers can steal huge amounts of data, reselling it on the black market to the highest bidder. Doctors and healthcare practitioners can protect themselves from these attacks by implementing digital safeguards to prevent intrusion, such as firewalls, virus scanners, network monitoring, etc.