A Hollywood hospital is keeping all of its records on paper this week, after hackers rendered its computer systems unusable and demanded a multi-million-dollar payment to fix the problem. Ransomware, an extortion scheme where hackers encrypt all of their targets’ data and essentially sell it back to them, has become increasingly common over the past few years, but this might be the most extreme case yet.
Employees at Hollywood Presbyterian Medical Center said the hackers are asking for $3.4 million in Bitcoin. The FBI and Los Angeles police are investigating, but, in the meantime, things at the hospital have slowed down tremendously. Some patients have been transferred, and others have been told to pick up their medical test results at other facilities.
Medical centers and dentists’ offices in Australia have been hit by ransomware gangs — believed to be Eastern European and thus difficult to trace or prosecute — over the past couple of years. In most cases, the hackers keep the ransom low enough that it’s cheaper for targets to pay up than to hire expensive IT professionals to attempt to fix the problem. And that’s if it’s even fixable: Without a key, modern encryption can take years to break.
The typical target for CryptoLocker, probably the most widespread form of ransomware, is an individual internet user who will likely pay around $350 to unlock their data. Or won’t bother to pay at all, which is why scammers typically aim for a huge number of small scores instead of one big one. For some reason, Australians are popular marks. In 2015, 2,500 Australians were taken for a total of around $400,000 — and those are just the victims who bothered to file reports.
All of which is to say that targeting a large U.S. hospital and asking for millions of dollars is a wild new development in the spread of ransomware, and that high-value targets like hospitals and government agencies would do well to keep backups of all of their data on internal servers that are not connected to the internet.
Update: The hospital said Thursday that it paid 40 bitcoins (around $17,000) to the hackers in exchange for the decryption key. Local news reports claiming the ransom was $3.4 million were incorrect, the hospital’s chief executive wrote in a memo.