Hollywood Presbyterian Medical Center paid $17,000 (40 bitcoins) last night to hackers to regain control of its IT systems after last week’s ‘ransomware’ attack forced them offline. According to CEO Allen Stefanek, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.” HealthcareITNews has the details and the full CEO letter/press release, including that no patient or employee information appears to have been compromised.
Obviously there will be more to follow including the usual opining, but in this resolution and spin, a bad precedent has been set in this Editor’s view. Labeling it a ‘low-tech’ attack shines a Klieg light (this is Hollywood after all) on the vulnerability of this hospital’s system. They now have the decryption key to the malware, but what other bad code and general mischief is buried in their systems to crop up later? Another question: was the inflated bitcoin number floated to make the paid ransom seem ‘affordable’? Is this a Hollywood ending where all is happy, or is this an episode in the continuing soap opera of ‘Hospital as Cash Machine’?
Our original article follows: (more…)