(February 18, 2016) It was not a Hollywood movie but a real life ransomware attack that shut down the enterprise-wide hospital information system of an acute care facility for 10 days.
Hollywood Presbyterian Medical Center said it paid 40 Bitcoins or about $17,000 in ransom to obtain a decryption key to unlock its information system. Ransomware is a malware program that encrypts and locks computer files. The only way the files can be opened is to obtain a decryption key from the hacker.
The hospital said it became aware of the ransomware attack on February 5. “Law enforcement was immediately notified,” Allen Stefanek, the hospital’s president said in a press release. “Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online.”
The quickest way to bring the system back, Stefanek said, was to pay the ransom. “In the best interest of restoring normal operations, we did this.” He said reports that the hospital paid $3.4 million in ransom were “false.”
Balough Law Offices assists its clients in developing policies and procedures for employee use of email and mobile devices and with preparing security policies. In many cases, systems are infected with ransomware when an email with the malware is opened. Companies must be vigilant in ensuring that their employees are aware of the dangers of opening attachments to emails, especially when they do not know the sender.