A Hospital Paralyzed by Hackers – The Atlantic

8 months ago Comments Off on A Hospital Paralyzed by Hackers – The Atlantic

A recording on a media-relations phone line at the hospital said that “patient care has not been compromised” after the cyberattack, but a spokesperson was unavailable for further comment.

The fact that hackers were able to encrypt patient records doesn’t necessarily mean they gained access to those files, but the goal of this type of cyberattack isn’t to get to patient information; it’s to make sure that the hospital can’t get to it, either. Viruses and malware that take over a server or a computer and demand money to return it are known as ransomware. The tactic has spread in popularity in recent years, as hackers take advantage of the increase in networked devices, gadgets, and servers.

Alan Stefanek, the CEO and president of Hollywood Presbyterian, told NBC reporters that the cyberattack on his hospital was “random” and not malicious. If that’s the case, then it’s possible someone at the facility clicked on an infected link in an email or a pop-up ad and introduced a virus onto the hospital network.

When a ransom-seeking virus infects a computer or server, it starts by encrypting the contents of the device. Using publicly available encryption methods, an attacker can lock up the contents of a device so effectively that even the FBI has given up on decryption efforts in the past. The attacker then offers the key to the victim’s now-encrypted files back to the user—for a price. The average ransom demand is just $300, but if a hacker knows they’ve bested a wealthy organization desperate for its data back, they’re likely to dream much bigger.

If the hospital chooses to pay the ransom, or negotiate terms for the release of its data, it will not be the first health-and-safety organization to do so. When a number of small police departments in Massachusetts, Tennessee, and New Hampshire were hit with separate ransomware attacks, all three paid between $500 and $750 to get their data back.

Those departments paid because the data they’d lost was essential, and federal law-enforcement attempts to defeat the ransomware were unsuccessful. Hollywood Presbyterian patient-record history and email archives are likely just as indispensable, but the reported seven-digit asking price dwarfs the $500 hackers got from the police departments.

While it’s unlikely that the facility will pay millions of dollars to restore its databases and systems, it’s in desperate straits without a backup of its patient files. Unless law enforcement can break the encryption keeping the data hostage, the hospital may be forced to start from scratch.

A Hospital Paralyzed by Hackers – The Atlantic