- Hollywood Presbyterian Medical Center (HPMC) has paid $17,000 after a ransomware attack, which encrypted its EHR and demanded the sum of money in exchange for the encryption key.
According to a public statement from the hospital, there is no sign that any information stored on the EHR has been misused or accessed by unauthorized individuals. The extent of the hack was reportedly the encryption of the files.
HPMC discovered the breach on February 5 after staff members reported issues accessing parts of the hospital network. The hospital explained that it then began a thorough investigation, discovering that it had fallen victim to a malware attack that kept them from accessing patient medical files stored in their EHR. Local authorities were then contacted.
The ransom for the breach was 40 bitcoins, an equivalent of $17,000. HPMC emphasized that the reports of a 9,000 bitcoin, or $3.4 million, ransom are incorrect.
The hospital stated that it paid the $17,000 ransom because that is typically the quickest and easiest way to regain access to its EHR files, and that it was in the best interest of the hospital and its patients that it pays the ransom.
Full access to the EHR was regained on February 15. According to HPMC, all of its records have been completely cleansed of the malware and checked for adequate security standards.
The statement from the hospital, signed by CEO and president Allen Stefanek, thanked HPMC staff and technical workers for mitigating the issue in a professional and timely manner.
“I am very proud of the dedication and hard work of our staff who have maintained the highest level of service, compassion and quality of care to our patients throughout this process,” Stefanek wrote. “I am also thankful for the efforts of the technical staff as the EMR systems were restored, and their continued efforts as other systems are brought back online.”
These kinds of ransom attacks are rather uncommon in hospitals, Phil Lieberman, a cybersecurity expert, told the LA Times.
“I have never heard of this kind of attack trying to shut down a hospital. This puts lives at risk, and it is sickening to see such an act,” he said. “Health management systems are beginning to tighten their security.”
According to Parham Eftekhari, ICIT co-founder and senior fellow, these kinds of ransomware attacks could continue to plague the healthcare industry in the future.
“As we have seen in the recent attack on Hollywood Presbyterian, hackers are able to completely paralyze an organization until it pays a ransom which may or may not unlock their systems and data,” he said earlier this week in an interview with HealthITSecurity.com. “The hundreds of thousands or millions of dollars paid in ransom is a small price to pay for an organization when faced with the alternative of losing everything and threat actors know it.”