Hollywood Presbyterian Medical Center Breached, Pays Ransom


February 19, 2016 | DevOps | joanna mastrocola


We’ve already discussed Experian’s prediction that healthcare would be a major target for hackers in 2016. In light of recent events, it seems their predictions were correct. Hollywood Presbyterian Medical Center in southern California is the latest organization to fall victim to hackers.

It comes as no surprise that hospitals are a target: they hold very sensitive, and very valuable, patient information. Unlike other industries, healthcare has failed to keep up with the latest IT trends. Hospitals might be using the latest equipment and running the newest and most accurate medical tests, but their IT systems have not kept pace. With limited budgets and resources, IT infrastructure sits toward the end of the list of things to improve. This lack of attention to infrastructure security has already caused many breaches, including last year’s Anthem breach, and has put patients’ information and wellbeing at risk.

So, what exactly happened at the Hollywood Presbyterian Medical Center? Here’s everything you need to know:

According to the International Business Times, doctors at the hospital had been unable to use their computers to access digital medical records prior to uncovering the breach. The hack is believed to be a ransomware attack.

CSO Online reports that the hospital, which declared the breach an internal emergency, spent over a week off the network, with no digital records or access to email. Because of the lack of access to patient data, some patients were sent to other hospitals. The initial understanding that the hackers wanted 9,000 bitcoin (~$3.4 million) to restore the system was false. According to new reports, the hackers only wanted 40 bitcoin (~$17,000).

According to Forbes, the hospital fell victim to the “Locky” virus, which is ransomware that arrives in an email with an attached Word document. Although the president and CEO of the hospital insisted that the attack didn’t affect patient care, this claim seems pretty far from the truth: many machines in the hospital did not work, which means a halt in treatment for patients with serious illnesses, including cancer.

NBC reports that the FBI is currently investigating the identity of the hackers. The hospital did pay the ransom in order to obtain the encryption key and resume normal operations.

Although the hospital’s CEO is quick to note that patient information was not leaked, there is still a looming problem. No medical data was exposed, but the hackers clearly realized that the hospital wasn’t very secure and didn’t have the digital capacity to deal with this situation, and they knew that they would eventually get paid. This sets a dangerous precedent for fellow hackers and means more hospitals will be targeted in similar attacks. It is likely that the costs associated with these types of breaches will increase, as hackers are in the ultimate position of power. Additionally, a halt in the hospital’s operations can be potentially life-threatening for patients. If the tools doctors and nurses need every day to treat patients are unusable, and there is a week-long delay in treatment, the result could be devastating.

This breach is even more disturbing than UKM and Anthem because, although information was not leaked, hackers disabled the operations of the hospital. Their motivation wasn’t simply to leak information or to make a political statement; it was to get paid. The worse the breach and the more devastating the effects, the higher the ransom and the more money these hackers can eventually make. Until the healthcare industry as a whole is given the funding to take cybersecurity more seriously and enlists security professionals to help get it up to speed, it will continue to leave itself vulnerable. It is crucial that the healthcare industry put greater cybersecurity measures in place to avoid what seems to be an unavoidable abundance of future attacks.




