Hospital Pays $17,000 to Ransomware Attackers after Resorting to Using Paper for Days

Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid, the hospital’s chief executive said.

Ricardo DeAratanha / Los Angeles Times

The assault on Hollywood Presbyterian occurred Feb. 5, when hackers using malware infected the institution’s computers, preventing hospital staff from being able to communicate from those devices, said Chief Executive Allen Stefanek.

The hacker demanded 40 bitcoin, the equivalent of about $17,000, he said.

"The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."

The hospital said it alerted authorities and was able to regain control of all its computer systems by Monday, with the assistance of technology experts.

Stefanek said patient care was never compromised, nor were hospital records.

Top hospital officials called the Los Angeles Police Department last week, according to police Lt. John Jenal.

Laura Eimiller, an FBI spokeswoman, said the bureau has taken over the hacking investigation but declined to discuss specifics of the case. Law enforcement sources told The Times that the hospital paid the ransom before reaching out to law enforcement for assistance.

The attack forced the hospital to return to pen and paper for its record-keeping.

Phil Lieberman, a cybersecurity expert, said that, while ransomware attacks are common, targeting a medical institution is not.

"I have never heard of this kind of attack trying to shut down a hospital. This puts lives at risk, and it is sickening to see such an act," he said. "Health management systems are beginning to tighten their security."

The 434-bed short-term acute care hospital on Vermont Avenue is owned by CHC of South Korea.

Under federal law, hospitals are required to report potential medical data breaches involving more than 500 people.

Since 2010, at least 158 institutions, including medical providers, insurers and hospitals, have reported being hacked or having information technology issues that compromised patient records, federal records show.

Ransom attacks are still relatively rae. But cyberattacks on hospitals have become more common in recent years as hackers pursue personal information they can use for fraud schemes. Last July, hackers may have accessed as many 4.5 million patient records in UCLA Health System’s computer network.


Los Angeles Times