Hackers Took Control of a Hollywood Hospital and Now They're Holding It for Ransom

Impact

Another Hollywood institution has fallen prey to hackers, but this time people's lives are at stake.

The FBI and Los Angeles Police Department have launched an investigation into an attack on Hollywood Presbyterian Medical Center that has rendered the facility's computer network inoperable. Those responsible for the downed system are now asking the hospital to hand over 40 bitcoins, or roughly $17,000, in exchange for restoring the hospital's computers, according to NBC News

That hack recalls the 2014 attack on Sony Pictures, which took the company's computers offline and led to the leaking of a bevy of internal documents and employees' personal data. Similar to Hollywood Presbyterian's predicament, the Sony hackers wanted money. When Sony didn't fork over the cash, the hackers began dumping massive quantities of data onto the web. In addition to causing Sony deep embarrassment, the hack also kicked off a wave of Ransomware

That trend is only growing stronger. Cybersecurity experts at McAfee Labs said they're already seeing a rash of beefed-up ransomware and a flush of new campaigns in 2016. In a blog post on Monday, the company explained that these types of attacks are particularly insidious for hospitals, because of the number of data-gathering internet connected devices their networks host.  

Getty Images

"The moment the data on these systems is encrypted by ransomware, daily operations come to a halt because parts of the chain are no longer available," McAfee threat intelligence research manager Christiaan Beek wrote. Furthermore, it can be arduous to remove malware within a hospital because of the vast number of devices on the network. Beek said he learned this firsthand during a collaboration with Intel Security in which he had to clean up a few hospitals hit with malware. 

"The biggest challenge we had was to clean medical devices, usually running an old version of an embedded operating system. We sometimes ended up with command-line tools and custom configuration files to clean those devices of malware," he wrote. 

Most hospitals do have security processes in place to keep patient data safe. A 2014 survey found that a majority of hospitals encrypt data and devices, including hospital work stations, mobile phones and laptops. But where hospitals stand to improve is in threat detection. The SANS Institute noted in a 2014 study that 41% of healthcare workers surveyed felt their institutions' breach detection policies and software were weak. The SANS study concludes that though the healthcare industry is making incremental adjustments to tackle growing cybersecurity threats, its efforts are not enough. "Investment in understanding the new threat landscape and designing solutions to protect against these attacks, including leveraging newer tools for protecting data and responding to new forms of attacks, become critical to staying ahead of attackers."

Correction: Feb. 18, 2016