LOS ANGELES, Calif. – A group of hackers carried out a ransomware extortion plot against Hollywood Presbyterian Medical Center on Feb.
The cyber extortionists took control of the hospital’s computer systems and then demanded that directors pay 9,000 bitcoins, -about $3 million – to regain access, as reported by MIT Technology Review. Chief executive Allen Stefanek declared an internal emergency due to the information technology problems caused by the cyber extortionists.
Hackers involved in the ransomware attack demanded computer currency rather than traditional cash because this transaction allows them to keep their identities unknown. This kind of attacks usually consists of infecting files or downloading programs that encrypt the target’s data before cutting off access. The victim then sees a message on the computer’s screen demanding ransom in bitcoin.
Los Angeles Police Lt. John Jenal said that hospital directors called the Los Angeles Police Department last week, according to a report by Los Angeles Times. Federal Bureau of Investigation spokeswoman Laura Eimiller declared the bureau was already involved in the case but declined to give details of the investigation.
Since the day of the attack, hospital staff and patients have been forced to use the fax machine, old-fashioned doctor shorthand and pen-and-paper for its record keeping. Los Angeles Times reported that a hospital voice message told callers that patients’ records had not been compromised in the ransomware attack.
Medical records become vulnerable when transferring to the Electronic Health Records system
Hackers are taking advantage of the transfer of medical record to the Electronic Health Records system. They see an opportunity to hold more personal data compared to the amount of information they can take from retailers or banks, given that hospitals and insurance companies are much slower to protect themselves against cyber-attacks, as Monitor’s Passcode correspondent Jaikumar Vijayan reported after a massive hack into Premera Blue Cross computer system.
Vijayan also wrote that cyber-attacks have the potential to cause major problems for patients, even for those who had no contact with the medical center during or immediately after the incident. Hackers can trade patients’ personal information on the black market for people to commit identity theft, as well as use it to get prescription drugs and commit insurance fraud.
Individuals who are victims of identity theft will see their medical treatments affected, their health insurance will be disrupted and their credit scores lowered. In 2014, about 2.3 million people were affected by identity theft, marking a 21-percent increase from 2013. This problem costs victims an average of $13,500, as reported by the Ponemon Institute, which is an organization focused on security and privacy research.
Source: Los Angeles Times