Los Angeles Hospital Pays $17,000 Ransom to Computer Hacker

Staff returns to pen and paper

Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to a hacker who seized control of the hospital’s computer systems and wouldn’t give back access until he was paid, the hospital has reported.

The cyber-assault occurred on February 5, when a hacker using malware infected the institution’s computers, preventing hospital staff from being able to communicate from those devices, President and Chief Executive Officer Allen Stefanek said. The hacker demanded 40 bitcoins, the equivalent of approximately $17,000.

The attack forced the hospital to return to pen and paper for its record-keeping.

“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek said in a statement. “In the best interest of restoring normal operations, we did this.”

The hospital alerted authorities and was able to restore all of its computer systems with the assistance of technology experts. Stefanek said patient care was not compromised, nor were hospital records.

Since 2010, at least 158 institutions, including medical providers, insurers, and hospitals, have reported being hacked or having information technology issues that compromised patient records, according to federal estimates.

Source: Los Angeles Times; February 17, 2016; and HPMC; February 17, 2016.