A Los Angeles hospital paid a ransom of nearly $17,000 to recover its computer network from a malware attack earlier this month. Hospital administrators gave in to the ransom demands after the malware had crippled their network infrastructure, blocked access to medical records and left hundreds of patients without access to treatment.
The Hollywood Presbyterian Medical Center started to notice problems with its computer network on February 5th. The malware disrupted emergency rooms, blocked email and prevented treatment for patients due to the lack of access to medical records. Law enforcement was notified immediately, but ransomware creates a unique problem: many variants of the malware are able to encrypt saved data and make it nearly impossible to recover. With no quick fix in sight, hospital administrators gave in to demands, stating it was the quickest and most efficient way to restore operation.
While it’s easy to understand why the hospital would want to restore order in a timely fashion, it is nonetheless an unfortunate choice. By giving in to demands, the hospital has set a bad precedent for large organizations when it comes to ransomware. Ransomware has become increasingly common in recent years, and giving in to demands reinforces the idea that it is an effective extortion strategy. What’s more, ransomware like the kind used in this attack demands payment in Bitcoin, a type of digital currency that is incredibly difficult to track. This means that even if law enforcement gets involved, it remains unlikely that the culprit behind the attacks will be caught.
It is currently unknown how the Hollywood Presbyterian Medical Center became infected in the first place, but users should be aware of typical attack vectors. Ransomware is typically picked up by “drive-by” download: visiting a website that hosts the malware and then agreeing to download a file. Oftentimes these download locations are disguised to look like legitimate websites and promise security patches or updates to software on your PC. Ransomware often employs intimidation and threats that discourage users from reporting the problem. If the malware is encountered in an office setting, it is paramount that employees report the problem immediately; failure to do so will likely result in the spread of the infection and a greater disaster down the road.
If you are a business with concerns over ransomware, give us a call at 212-242-2949. Our security experts can help protect your organization from an attack and ensure that your data remains secured.
– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer