Ransomware Hits Hospitals: What Does This Mean For You?
Posted By American Med Spa Association, Wednesday, February 24, 2016
A string of hospitals around the world - from Hollywood to Germany - have been hit recently by ransomware attacks, in a reminder that no organization is immune to outbreaks of malware that's designed to forcibly encrypt all data stored on PCs and servers.
One of the most severe cases involves Hollywood Presbyterian Medical Center, based in Los Angeles, which declared an "internal emergency" after staff noticed an apparent ransomware outbreak begin on Feb. 5. The attackers reportedly demanded 9,000 bitcoins, currently worth about $3.6 million. However, in a Feb. 17 statement, the hospital's CEO Allen Stefanek said reports of the ransom being over $3 million were incorrect, and that the hospital paid about $17,000, or 40 bitcoins, to the attackers to unlock its data (see Hollywood Hospital Pays Ransom to Unlock Data).
"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."
Hospitals Hit in Germany, Texas
Another recent ransomware victim was Lukas Hospital, based in Neuss, Germany, which reported suffering an infection on Feb. 11, after the malware arrived attached to an email, reports German public news site WDR. The hospital said that it had complete backups, meaning that it could wipe and restore affected systems, and noted that all patient data was already encrypted, which forestalled any potential data loss. But as a precautionary measure, the hospital reportedly took all of its systems offline until they were fully restored, rescheduled 20 percent of its surgeries and shifted less-severe emergency care to neighboring hospitals.
In January, meanwhile, the Titus Regional Medical Center, based in Mount Pleasant, Texas, reported that ransomware had encrypted files on multiple database servers. "We couldn't get to our data," TRMC spokeswoman Shannon Norfleet told local newspaper The Daily Tribune. "When the computers went down and the network administrators accessed the network, there was the ransomware code."
TRMC said it brought in incident-response firm Kroll to conduct a digital forensic investigation and help restore systems following the ransomware infection. "The virus primarily impacted the ability for electronic medical records entry and retrieval, as well as the integration and coordination of interdepartmental orders (laboratory, pharmacy, imaging, etc.)," Norfleet told the newspaper. As a result, TRMC reverted to paper-based systems - and people running records back and forth - as if it was the 1970s, she added.
The medical center couldn't immediately be reached for comment about whether it has resolved the infection.
Read more at Healthcare Info Security.