Hospital Pays Hackers a Ransom to Regain Control of Its Computers

February 5, 2016, started out like any other day for the doctors, nurses, and other staff members at the Hollywood Presbyterian Medical Center in Los Angeles, California. But by the end of the day, many of them could no longer access or update patients' medical records. Nor could they send or receive emails. When the hospital's IT department investigated, it found that the computer systems were infected with ransomware.

The ransomware had encrypted the hospital's files, paralyzing its computer systems. The hackers demanded 40 bitcoins (about $17,000) to get the decryption key. The hospital paid the ransom. "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," explained president and CEO Allen Stefanek in a statement released by the hospital. After the hospital regained control of its computer systems on February 15, the IT staff, with the help of outside computer experts, removed the malware.

Not an Isolated Incident

The Hollywood Presbyterian Medical Center is not the only hospital to come under attack. Two hospitals in Germany also reported being ransomware victims. The Lukas Hospital in Neuss was attacked on February 10, 2016. Two days later, Klinikum Arnsberg was targeted. Although the ransomware had encrypted some files at each hospital, neither one paid the ransom.

While the Hollywood Presbyterian Medical Center, Lukas Hospital, and Klinikum Arnsberg reported their attacks, most organizations attempt to hide them, according to Bob Shaker, director of strategic operations for Symantec's Cyber Readiness and Response group. He knows about hundreds of ransomware attacks in a variety of industries that have been kept secret.

Shaker and other security experts fear that the successful attack on the Hollywood Presbyterian Medical Center will encourage more organizations to pay the ransom if infected by ransomware. This, in turn, will lead to hackers launching even more attacks.

What You Can Do to Protect Your Business's Computer Systems

Since more ransomware attacks are inevitable, you need to take measures to protect your business's computer systems. Perhaps the most important measure is to back up your files and make sure they can be successfully restored. Although this will not prevent a ransomware attack, it will mitigate its effects. You will not have to pay the ransom to get your files back since you can restore them from the most recent backup.

Prevention is also important. To help prevent a ransomware attack, it is helpful to know the common ways of getting infected. They include:

  • Visiting a malicious website or a legitimate website that has been hacked
  • Opening a file or clicking a link in a phishing or spear phishing email
  • Being infected with some other type of malware that, in turn, downloads the ransomware

Given these attack vectors, one way to help prevent ransomware is to use anti-malware software. It can help guard against known ransomware ploys and other kinds of malware threats.

Taking advantage of the popup blocker functionality in web browsers is another way to help guard against ransomware. Popups sometimes contain malware or lead to malicious websites. In addition, you need to educate employees about the importance of avoiding any websites marked as potential security threats by their web browsers or anti-malware software.

You also need to educate employees about how to spot phishing or spear phishing emails. Let them know what they should and should not do:

  • They should not open any email attachments that are not expected. If the email is from someone they know, have them check with that person before opening the attachment.
  • They should not click any links embedded in emails sent from unknown sources. Even if they know the person who sent the email, have them check the link (hover their cursor over the link to see the address of the website) before clicking it.

Take Action Now or Pay Later

Ransomware is one of the biggest cyber threats in 2016, according to McAfee Labs and Trend Micro. To avoid becoming a victim, you need to take action now to protect your computer systems. Waiting could cost you money, hassle, and negative publicity. Contact us to do an IT security assessment to reduce the risk of your data being held for ransom. We can also help you set up effective backup and restore operations.