Hollywood Hospital Succumbs to Hacker Shakedown

          Hollywood Presbyterian Medical Center on Wednesday announced that it paid approximately US$17,000 to resume normal operations after digital extortionists knocked its computer systems offline.

The Los Angeles hospital discovered its computer network infected with ransom ware earlier this month. Ransom ware is a form of malware that scrambles data and key files on a system and demands a ransom be paid for a digital key to unscramble the data.

After paying a ransom of 40 bitcoins, or $17,000, to the extortionists, the hospital was able to bring its electronic medical record system online, HPMC said. Bitcoins are a digital currency favored by cyber criminals because, like cash, they're difficult to trace.

"It is important to note that this incident did not affect the delivery and quality of the excellent patient care you expect and receive from Hollywood Presbyterian Medical Center. Patient care has not been compromised in any way," HPMC CEO Allen Stefanek noted.

"Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access," he continued.

Initial reports about the incident pegged the ransom at $3.4 million, or 9,000 bitcoins. Those reports were false, HPMC noted.

No Honorable Thieves

          Paying ransom might embolden the perpetrators of ransom ware, according to Rick Orloff, CSO of Code42

"It's analogous to why the government doesn't negotiate with hostage takers. It encourages hostage-taking," he told Tech News World.

If a ransom is paid, it should be done with caution, observed Lee Kim, director of privacy and security for the Healthcare Information and Management Systems Society.

"In the best-case scenario, you will get the decryption key," she told Tech News World..

"You'll be up and running and back to normal, but even if that does happen, you really should have some forensics and malware experts in there to make sure that there isn't any other malware on your systems," Kim continued.

"Don't trust criminals to do the honorable thing and not drop additional malware," she said.

To Pay or Not to Pay

          Ryan Kalember, senior vice president of cyber security strategy for Proof point, strongly opposed paying ransoms.

"Even if the attackers keep their word and decrypt your data, there is no guarantee that they will not leave other forms of malware running on the system in order to carry out other crimes, like sending spam emails, launching DDoS attacks, and stealing personal or financial data for use in online fraud and identity theft," he told Tech News World.

"Paying cyber criminals often funnels money to organized crime and terror groups and should be avoided as a rule to not perpetuate the cyber crime cycle," Kalember said.

However, whether to pay ransom isn't a black-and-white proposition, said Scott Gainey, senior vice president for Sentinel One.

"It's not a yes or no answer. It depends on the systems that were affected," he told Tech News World.

"Law enforcement has come out strong against paying the ransom for fear it will open up a Pandora's box, but in this case, patients were being diverted to other hospitals and it was severely affecting the hospital's business, so they may not have had a choice," Gainey said.

Moreover, "the cost of cleaning their environment could exceed the ransom that these guys are asking for," he added.