Hollywood Hospital records held up by ransomware & the hospital pays the ransom..

February 18, 2016 |

Verizon highlighted the concerning extent of data breaches involving health information in 2015 in its report 2015 Protected Health Information Data Breach Report.  The vast majority of breaches arise out of errors and misuse with hacking and malware being a relatively small sub set of the problem.

These breaches cause reputational damage but also compromise the integrity of the records with people withholding information.  The report notes:

Recent studies have found that people are withholding information—sometimes critical information—from their healthcare providers because they are concerned that there could be a confidentiality breach of their records.
This problem illustrates why it is so difficult to measure the true impact of breaches. What many organizations fail to remember is that the data they collect is about the relationship they have with those data subjects. As reports of medical record losses continue to pile up, the trust between medical providers and their patients is being eroded. The implications of this may be wider than practitioners anticipate.

The report also notes the importance of encryption stating:

Even if organizations only encrypt a subset of their portable assets, it will reduce the overall risk of a breach on those assets that are not directly used for patient care

It is not hard to find breaches in the health system, such as Magnolia Health Corporation notifying its patients of a data breach by letter dated 12 February 2016, medical records being found in an unsecured public landfill in Florida earlier this month,

What is causing significant concern and not shortage of coverage is Hollywood Presbytarian Medical Center’s records being the subject of a ransomware attack, well reported by the BBC in Hollywood hospital held to ransom by hackers which provides:

Ransomware is a growing menace for computer users – but when a hospital is targeted, it makes the disruption far more serious.

Computer systems at Hollywood Presbyterian Medical Center have been offline for more than a week following a ransomware attack.

According to local news sources, hackers were said to have demanded $3.4m (£2.4m) to provide the codes to unlock the stolen data.

The hospital has confirmed the attack took place, but has not commented on the ransom.

A voicemail message at the hospital reassures patients that medical records had not been accessed by the hackers.

Investigations into the source of the attack – which hospital officials said appeared to be random rather than targeted at the facility – are being conducted by the FBI, Los Angeles Police and computer forensics experts hired by the hospital.

The hospital insists that day-to-day operations have not been impacted, although many tasks normally carried out on computer are now being done on paper, much to the frustration of staff.

Patients are also being told they must travel to pick up medical test results in person rather than receive them electronically.

Ransomware attacks are increasingly common, and are difficult to fully protect against.

Malicious software is placed on a computer – often via phishing attacks – and proceed to lock up files.

Ransomware will typically try to extort money from the user quickly, saying that if the demand is not met, the files will be deleted.

The most common type of ransomware is a malware package known as Cryptolocker, which experts say has infected hundreds of thousands of machines around the world.

Last month, the council for the English county of Lincolnshire was hit with a £350 ransomware demand – but it said it refused to pay.

And yesterday, 17 February 2016, Hollywood Presbytarian paid the ransom of 40 Bitcoins, the sum of $17,000.  A decryption key was provided and the systems restored.  The statement by the Medical Center provides:

February 17, 2016

I am writing to talk to you about the recent cyber incident which temporarily affected the operation of our enterprise-wide hospital information system.

It is important to note that this incident did not affect the delivery and quality of the excellent patient care you expect and receive from Hollywood Presbyterian Medical Center (“HPMC”). Patient care has not been compromised in any way. Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access.

On the evening of February 5th, our staff noticed issues accessing the hospital’s computer network. Our IT department began an immediate investigation and determined we had been subject to a malware attack. The malware locked access to certain computer systems and prevented us from sharing communications electronically. Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online.

The reports of the hospital paying 9000 Bitcoins or $3.4 million are false. The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000. The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.

HPMC has restored its electronic medical record system (“EMR”) on Monday, February 15th. All clinical operations are utilizing the EMR system. All systems currently in use were cleared of the malware and thoroughly tested. We continue to work with our team of experts to understand more about this event.

I am very proud of the dedication and hard work of our staff who have maintained the highest level of service, compassion and quality of care to our patients throughout this process. I am also thankful for the efforts of the technical staff as the EMR systems were restored, and their continued efforts as other systems are brought back online.

And of course, I want to thank our patients and community for their continued trust in Hollywood Presbyterian Medical Center.

One Response to “Hollywood Hospital records held up by ransomware & the hospital pays the ransom..”

  1. Hollywood Hospital records held up by ransomware & the hospital pays the ransom.. | Australian Law Blogs

    […] Hollywood Hospital records held up by ransomware & the hospital pays the ransom.. […]

Leave a Reply