A ransomware cyberattack targeting the Hollywood Presbyterian Medical Center left employees unable to access patient files and even had hospital staff declare an “internal emergency.”
What began as a cyberattack on a Southern California hospital last Friday has soon unraveled into the hospital President and CEO declaring an “internal emergency” following “significant IT issues” faced by the hospital. The hospital sought the assistance of the Los Angeles Police Department (LAPD) and the FBI, according to NBC.
While there are no reports of a breach or compromise of patient or employee information, an unnamed doctor has told the news outlet that the hospital system was hacked and is currently being held for ransom.
Various parts of the hospital were rendered not operational. Some patients were transported and transferred to other hospitals as a result of the incident. Essential computer systems supporting CT scans, lab work, pharmacy and more departments are knocked offline.
A Ransomware Attack
While the hospital tries to avoid disruption of the cyberattack over the past few days, the revelation from the anonymous doctor points to the very plausible scenario of a ransomware attack.
As a particularly irksome and wildly successful strain of malware, ransomware usually finds legs through malicious downloads and phishing campaigns. When a ransomware’s payload is triggered, the malware encrypts the targeted computer’s files before revealing a ransomware note along with a wallet address belonging to the extortionist that seeks the ransom. Typically, ransomware campaigns seek a cryptocurrency such as Bitcoin.
Furthermore, FOX 11 News has ascertained that the hackers have demanded millions in ransom in exchange for the decryption key required to render the hospital’s systems operational again. Speaking to Eric Robi, a computer forensics expert, the news outlet revealed that the hackers have demanded 9,000 bitcoins, approx. $3.6 million.
The hospital’s network has been down for a week already. As things stand, hospital staff are forced to rely on telephones and fax machines. Medical records and new patient registrations are logged on paper while staff are instructed to not operate their systems until being directed to do so.
Featured image from Wikimedia.