Only Full-Service Community Hospital in LA Grinds to Halt

By: Kayla Thrailkill and Daniel McDonough

Ransomware locked hospital files causing delays in patient care, and a need to transfer patients to other facilities….

The only full-service community hospital in Southern California, Hollywood Presbyterian Medical Center, was hacked last Friday.  This lead to various files being encrypted causing the hospital to declare an “internal emergency”. Almost a week later, there are still IT issues, and patients reported experiencing delays in patient care.  Due to the ransomware, patient records are inaccessible.  Because of this, some patients have been sent to other facilities.

Hollywood Presbyterian Medical Center has been actively working with the FBI in an attempt to determine who is responsible for the malware.  They also hired computer forensics experts to try and decrypt the files, but were unsuccessful.

The ransomware scammers were requesting the equivalent of 3.4 million dollars in digital funds called Bitcoins, in exchange for the encryption key.  It was announced earlier today that the hospital indeed paid the scammers.  But much less than the original request.  According to the Los Angeles Times, the medical center paid the equivalent of $17,000, in Bitcoins, for the encryption key.

There are no current leads on how the ransomware accessed the hospital’s files.  KnowBe4 believes it could have been a socially engineered attack that could have been avoidable had employees had security awareness training.  Dodi Glenn, PC Pitstop’s Vice President of Cybersecurity, reported how ransomware scams are initiated to International Business Times,

“They throw out a wide chum net and whoever bites, bites.  It’s a highly transactional business.”

Sources:

http://www.zdnet.com/article/hollywood-hospital-becomes-ransomware-victim/

http://www.nbclosangeles.com/news/local/Hollywood-Hospital-Victim-of-Cyber-Attack-368574071.html

blog.knowbe4.com/ransomware-roundup-1/15/2016?ransomwarehitshospital=

http://www.latimes.com/local/lanow/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html

http://www.msn.com/en-us/money/technologyinvesting/what-a-california-hospital-hack-taught-us-about-ransomware/ar-BBpSU0s

Check out our interactive, live map of the ransomware attacks that have taken place within the U.S. below:

(Visited 9 times, 1 visits today)

8 thoughts on “Only Full-Service Community Hospital in LA Grinds to Halt

  1. I saw this on the evening news last week and they mentioned only the firewall. Firewalls do not prevent these problems from taking place, they only prevent unwanted traffic. Since the hackers found the open ports in the firewall which allow wanted traffic, this incident took place. What I’d really like to know since I teach computers and internet defense at the college level is did the IT staff not have RAID 5 or 10, anti-virus, Spybot, Black Ice, Malwarebytes, and Wireshark? If they are unskilled in these areas they need to get trained in them. If they were turned down for the financial resources to implement them, this is the perfect situation to discuss preventing future attacks. As far as the perpetrators of this attack, the jury and judge should seek the highest available punishment for them. Since it is against the law the court can’t, but wouldn’t it be fitting to publish their faces, names, addresses, and social security numbers on the internet and give them a taste of their own medicine?

    • @Bob: I’m sure they did. But anyone in IT knows that you can have all the protections in place, update the AV several times a day, do malware blocking, and if the attackers develop their software before they AV/malware vendors are able to update their definitions, it isn’t going to do a lot of good. This is why staff needs to be trained on defensive internet use.

      • You are absolutely correct. In the time it takes for the traditional blacklist to be updated with new viruses/malware, people are still exposed. This is exactly why the traditional AV/malware blacklist concept is obsolete. PC Matic uses a whitelist approach, meaning a list of all the safe programs, known and proven to be malware/virus free. So all of the new malware is blocked because it would not be on the “safe” list. Malware scammers can always make more malicious programs, and the blacklist cannot block them all. Once they catch up to the latest virus, the next one is on its way. Using the whitelist technology provided by PC Matic proves to be the safer method for your PC.

  2. I suspect that Linux Mint or GhostBSD Might have been better operating systems for hospitals rather than Windows.

  3. Attacking a Hospital is the lowest these scums have gotten to.

    Obviously these A holes can be traced and brought to justice, so why are they still in existence?

    With the help of these,
    A regional Internet registry (RIR)
    ARIN (Canada, United States, some Caribbean nations)
    RIPE NCC (Europe, Russia, Middle East, Central Asia)
    APNIC (Asia-Pacific region)
    LACNIC (Latin America, some Caribbean nations)
    AFRINIC (Africa) and all ISP’s we can find them and jail the bastards.

    Holding Hospital records to ransom is endangering lives and can have dire consequences.

    These People must be brought to justice and stopped !!!

Leave a Reply

Your email address will not be published. Required fields are marked *