Hackers have taken the computer system of the Hollywood Presbyterian Medical Center hostage, demanding 9,000 Bitcoin or $3.6 million.
The Southern California hospital is a victim of ransomware, and it has been down for over one week as it recovers from the attack.
According to NBC, the damage has caused the hospital to be unable to continue day-to-day operations. To keep up activity at the medical center, the staff has turned to manual documentation using pen and paper to take down patient information and jammed fax lines and telephones to communicate from one department to another. The administration has forbidden the use of other computers for fear that the harmful software could spread to more workstations.
Allen Stefanek, President and CEO of the hospital, says that "significant IT issues" began to emerge last week, leading to a declaration of "internal emergency." He also mentions that the attack was random, not malicious, noting that the emergency rooms have been "sporadically impacted since Friday."
The hospital sought assistance from experts in cyber forensics and government authorities such as the FBI and the Los Angeles Police Department.
An unnamed doctor says that the system is being held for ransom, suggesting that the motive of the cybercriminals was not to steal patient data.
"At this time, we have no evidence that any patient or employee information was the subject of unauthorized access or extraction by the attacker," Stefanek tells NBC4.
With that said, the patients are not safe from harm. Stefanek insists that the incident has no impact on the overall care for the patients, but some have spoken out to say otherwise.
Jackie Mendez and her 87-year-old mother say that they have to drive to Palmdale to pick up medical tests, which takes them over one hour to do so.
"It's bad. She's an older person. It's not right she has to do this," she says.
Another patient named Belmont West is also affected by the incident. Belmont says he went to the hospital to get his grandmother's medical test results to no avail.
"It's a little worrying because when you go to a hospital you expect the best care, but it seems there is some sort of delay and failure in the system," he says.
Some outpatients had to miss their medical treatments because of the ransomware.
Also, some patients had to be transferred to other hospitals, as some of the medical equipment that need computers at the Hollywood Presbyterian Medical Center were rendered inoperable, including apparatuses for X-ray and CT scans, documentation and pharmacy and lab work.
Ransomware is a type of malware that is often spread via phishing attacks and downloads. Once it installs itself on a machine, it'll proceed to encrypt crucial system files.
The affected computer will have its system locked up this way, and the malicious software will pull up a message that warns users of a time limit before all their files are deleted, extorting money in the process.
Users who want to get rid of the ransomware will have to pay a certain fee to the attackers so that they would hand over release key codes that'll restore the system. To make it hard to track them down, cybercriminals usually ask for cryptocurrency. In this case, the currency asked for is bitcoin.
To put things into perspective, 9,000 bitcoin or $3.6 million is a relatively steep demand for a ransomware attack, but seeing as this is a high-profile case, that is more or less expected.
Photo: Yuri Samoilov | Flickr