14 DAY TRIAL // Hollywood Presbyterian Medical Center (HPMC) President & CEO, Allen Stefanek, issued a statement yesterday announcing that his institution decided to give in to a ransomware infection and pay the ransom.
We reported earlier this week on a high-profile cyber-attack incident that involved the aforementioned LA hospital. No details were provided at that time, but all clues pointed to a classic ransomware infection, with rumors saying that the hacker was asking for a 9,000 Bitcoin ransom, which was about $3.6 million (€3.2 million) in today's currency.
The cyber-attack effectively stopped the hospital's normal activity, which could not use its IT system and was forced to go back to using pen and paper.
Various hospital sections were shut down, email was unusable, and patients had to come to the hospital themselves to pick up test results.
According to HPMC's CEO, the reports were accurate when they blamed the incident on a ransomware infection but were greatly exaggerated when it came to the ransom's size.
Hospital was back up and running on February 15
Mr. Stefanek says that the ransomware infection took place on February 5 and infected only a few of the hospital's computers, totaling to 40 Bitcoin, which is around $16,800 / €15,000.
The hospital official says they paid the ransom, even before calling in law enforcement (local police and FBI), and that by Monday, February 15, the hospital was back online and fully operational.
At the end of October 2015, while speaking at a security conference in Boston, Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI’s Cyber and Counterintelligence Program, made waves in the infosec community after he acknowledged that the Bureau was often advising companies to just pay the ransom demand when facing ransomware infections.
While many security experts contradicted and argued against the FBI's stance, this is one of those cases where you're glad the hospital took this solution, especially since there were people's lives at stake.
You can read HPMC's statement below.