Take Two

News and culture through the lens of Southern California. Hosted by Alex Cohen & A Martínez

How a computer hack shut down a hospital and extorted $17,000

by KPCC staff with AP | Take Two

119004 full
The entrance to Hollywood Presbyterian Medical Center in Los Angeles. Flickr Omar Bárcena/Creative Commons

A Los Angeles hospital paid a ransom in bitcoins equivalent to about $17,000 to hackers who infiltrated and disabled its computer network, the medical center's chief executive said Wednesday.

It was in the best interest of Hollywood Presbyterian Medical Center to pay the ransom of 40 bitcoins — currently worth $16,664 dollars — after the network infiltration that began Feb. 5, CEO Allen Stefanek said in a statement.

The FBI is investigating the attack, often called "ransomware," where hackers encrypt a computer network's data to hold it "hostage," providing a digital decryption key to unlock it for a price.

"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."

Ransomware attacks can happen to everyone from individuals to large institutions.

Bitcoins, the online currency that is hard to trace, were quickly becoming the preferred way hackers collect a ransom, FBI Special Agent Thomas Grasso, who is part of the government's efforts to fight malicious software including ransomware, told The Associated Press last year.

During 2013, the number of attacks each month rose from 100,000 in January to 600,000 in December, according to a 2014 report by Symantec, the maker of antivirus software.

A report from Intel Corp.'s McAfee Labs released in November said the number of ransomware attacks is expected to grow even more in 2016 because of increased sophistication in the software used to do it.

The company estimates that on average, 3 percent of users with infected machines pay a ransom. It's not clear how many of those users were individuals and how many companies. Some ransomware attacks go unreported because the victims don't want it publicized they were hacked.

Workers at Hollywood Presbyterian noticed the network problems on Feb. 5, and it became clear there was a malware infiltration that was disabling the network.

Computer experts and law enforcement were immediately informed, Stefanek said. On Monday, 10 days after the attack, the network was in full operation again, he said.

FBI spokeswoman Laura Eimiller said the agency is investigating the extortion plot, but she could not immediately provide further details.

Neither law enforcement nor the hospital gave any indication of who might have been behind the attack or whether there are any suspects.

Patient care was not affected by the hacking, and there is no evidence any patient data was compromised, Stefanek said.

The 434-bed hospital in the Los Feliz area of Los Angeles was founded in 1924. It was sold to CHA Medical Center of South Korea in 2004. It offers a range of services including emergency care, maternity services, cancer care, physical therapy, and specialized operations such as fetal and orthopedic surgeries.

The Associated Press

11:13 a.m. Hospital shut down with $3.4 million ransom

Hackers have taken a hospital in Los Angeles hostage, and they say the only cure is to fork over more than $3.4 million.

The computer network at Hollywood Presbyterian Medical Center has been shut down since last week, a victim of a nasty infection known as ransomware. With computers offline, some patients had to transfer to other hospitals. Certain procedures like CT scans couldn't be done and people's personal medical records were affected, too.

Brian Barrett wrote about the incident for Wired magazine. He spoke to Take Two about how a computer hack could take down an entire hospital. Here are the highlights. 

What’s ransomware?

It’s had a lot more public instances lately, but ransomware has been around for about 10 years. Recently though, it's been more high profile because it's evolved. What happens is any other malware that might take over your computer if you click on a suspicious link, except this time when you click on it, it will block you from accessing your computer. And instead, you'll see a message that says, "Pay this amount, and then I'll let you get back in."

What appears to have happened in this case, although the hospital has not released any details, is that a new twist is that they're encrypting all the information on your computer. So that not only can you not access it, you run the risk of never being able to get to it again unless you pay up. And you get a key to get the information back.

Do we know who initiated this particular attack?

We don't. And there's every chance that we may never. The payment systems are through bitcoins, so the screen will show up and say, "Pay us this much bitcoin" — in this case 9,000, which is about $3.5 million. And those payments end up going to anonymous digital wallets so you never really find out who's behind it. There are dozens of people who are using ransomware today — organized groups, individuals. It's really hard to track them down. 

How did they get to this hospital?

Of the little information [the hospital has] given out, they did say it appeared to be a random act. And what happens is, these hackers will put a wide sweep of links in malicious places for people to click, [like] in emails. They basically go phishing.

There's every chance that someone from the hospital just happened to click on the wrong email link and then the hackers found out what they had. And as for this exorbitant sum, a lot of the times when you see these attacks it will be a few hundred dollars here and there. The FBI has even said in the past, "Go ahead and pay it. It's not worth it."

In this case, they're not. I think because it's such a large amount of money. But yeah, it looks as though someone at the hospital was just unfortunate enough to click the wrong link at the wrong time. 

Hospitals are frequently targeted by hackers partly because they have such sensitive information and they have access to a lot of personal records. It's not clear that this is the case though. 

We did reach out to Hollywood Presbyterian but they didn't return our call for comment. But they do have an outgoing voice message that says they'll have a statement later today. Is there a way to break the hack without having to pay the ransom?

That's what they're working with the FBI and LAPD on right now. It's very difficult though, especially when if it's the case where — again we don't know for sure — but if it is the case where the hackers have encrypted all the information then they have a digital key that can unlock it. And without that key, it can be very, very difficult to access that information again.

So you know it is hypothetically impossible. They're going to have a hard time doing it, and they probably need to track down the people who perpetrated this in order to have access. 

Why ask for the ransom in bitcoin?

Bitcoin is anonymous. It's called a cryptocurrency. It's very popular among all sorts of people, hackers or not. But it's untraceable basically. The payment would go to a digital wallet that was anonymous. There's no way to find out whose it is. So that's really the preferred method for this instances. It's sort of the Swiss bank account of the Internet. 

The idea of regulating bitcoin is something that gets tossed around here and there. It's also partly the fact that it's so decentralized. It's hard to regulate in that way too. But I think it's one of those situations where anytime you have an anonymous system or a decentralized system, you're going to have benefits and then people who take advantage of that situation. 

Should we be worried? 

If anything, those alarm bells should probably already have gone off. So if this raises more awareness of this as an issue, that's great. And the good news is protecting yourself against ransom, where really it isn't that different from protecting yourself against any other kind of malware.

You've got to make sure that software is up to date with all the security patches from, whether it's Apple or Microsoft, or whoever. Don't click on links that you don't trust. Don't go to sites that you don't trust. And that's as true on your phone as it is on your laptop or desktop. If you do find yourself in this situation, certainly report it to the authorities. But know that you may end up having to pay.

This story has been updated.

blog comments powered by Disqus

Enjoy Take Two? Try KPCC’s other programs.

What's popular now on KPCC