On Wednesday, the Hollywood Presbyterian Medical Center announced that it had decided to pay a ransom of 40 bitcoins, or roughly $17,000, to restore its systems in the “quickest and most efficient” way from a virus.
While details on the specific virus that infected the hospital remain elusive, this appears to be a typical case of ransomware. These viruses frequently use encryption to scramble a victim’s files, forcing them to restore from backups, if they have them, or pay up for decryption keys — the same story reflected in initial reports of the hospital’s malware infection.
An announcement on the hospital’s website that was signed by the hospital’s president and CEO, Allen Stefanek, noted that the center’s medical-record system had been restored on Monday and that “all systems currently in use were cleared of malware.” But it was not immediately clear if any systems remained disabled as a result of the infection.
The restoration of the records system came 10 days after the infection was detected on February 5. The announcement noted that there was no evidence indicating a leak of any sensitive data.
A hospital representative told Business Insider that she could not provide additional comment.
Ransomware generally targets a user’s documents, like text files, images, or audio, rather than critical-system files. That’s because the hackers’ end-goal is to entice victims to pay for their data, not to indiscriminately damage their computers.
The scheme seems to be working, too: Hackers generated over $325 million from the attacks in a two-month period, according to one study. While that estimate strains credulity, antivirus firm Bitdefender found that over 50% of American ransomware victims paid the demanded ransom. Even public institutions — particularly police departments — aren’t immune.
The encryption of documents can render a computer useless if all its relevant files are inaccessible or if systems have to be taken offline in order to manage the infection, as was the case in the Oxford School District in Mississippi last week.
The problem started innocently enough, according to the district superintendent, Brian Harvey: “Midday on Sunday, I started doing some work and couldn’t connect to the internet.” As problems continued, the district’s tech staff investigated the problem and found that a virus had been encrypting files, effectively shuttering the network as the infection spread.
“At that point, our technology coordinator just shut everything off,” Harvey told Business Insider.
While the district had its files backed up, wiping and restoring servers and bringing the schools’ software back online was a time-consuming task, one that hadn’t been completed when Harvey spoke to Business Insider nearly a week after the initial infection.
Some of the consequences of running a school without its computer systems are expected and even mundane, like the fact that students had to write down their ID numbers by hand to pay for their lunches, as reported by Local Memphis. But the shutdown also affected instruction: Without access to “learning management software,” teachers can’t easily send grades, assignments, or study materials to students online the way they normally would.
If the perpetrator behind the attack had their way, district officials would be ponying up 21 bitcoins — nearly $9,000 — to restore their files. The availability of backups meant that the district didn’t need to give in to demands. Harvey conceded, however, that if they hadn’t had the option to restore, then there would have been little choice but to pay so as not to lose grades and student information.
Harvey may be right. For the time being, there is generally little one can do to restore encrypted data from ransomware other than pay.
Local law enforcement is investigating the incident, with the aid of the FBI, but Harvey is not holding his breath waiting for a mysterious hacker to get caught: “This is just the world that we live in.”
“It’s terribly frustrating,” Harvey said. But “we’ve got kids coming to us tomorrow, and they have still got to learn.”
In a hospital setting, the stakes may be greater. Stefanek initially told a local NBC affiliate that shutting down the hospital’s computer systems did not affect patient care, but some emergency patients reportedly had to be diverted to other hospitals following the incident. Some historical medical records were also rendered inaccessible.
The hospital’s president called the attack “random,” but hospitals have been targeted in cyberattacks in the past. Just this week, an NBC report cited a massive increase in the hacking of healthcare records. The Washington Post, analysing data from the US Department of Health, reported in March that data on more than 120 million people had been “compromised” across over 1,100 breaches.
Healthcare records are valuable to identity thieves because the information can potentially remain accurate forever, unlike email addresses or credit-card numbers, which can be changed.
This post has been updated to remove an inaccurate ransom figure — over $3 million — that had been cited in initial reports. The hospital announced on Wednesday that it had paid a ransom of roughly $17,000.