Cyber criminals hit US hospital in ransomware attack

Hollywood hospital forced to shut down all its computer systems while the FBI and others investigate

A US hospital is the latest high-profile victim of cyber criminals using malware known as ransomware to encrypt vital data and demand payment to unlock the data.  

Ransomware is one of the top international cyber threats, along with distributed denial of service (DDoS) attacks and bullet-proof hosting services, according to the UK National Crime Agency.

In 2013, the NCA’s National Cyber Crime Unit (NCCU) warned of a mass email-borne Cryptolocker ransomware campaign aimed at small and medium enterprises and consumers.

Since then, ransomware has become increasingly popular with cyber criminals, with its use increasing by 58% in the second quarter of 2015, according to a threat report by Intel Security.

Research has shown that relatively low-cost ransomware attacks typically net thousands of pounds a week for attackers as companies pay ransoms in bitcoin for the decryption keys to unlock their data.

Some reports said the victim of the latest attack, the Hollywood Presbyterian Medical Center, has been forced to transfer some patients to other hospitals after ransomware downed its computer systems by encrypting critical data a week ago. But according to the BBC, day-to-day operations have not been affected, although many tasks normally carried out on computer are now being done on paper.

Patients are also being asked to collect their medical test results in person because the hospital is currently unable to send them electronically.

Doctors reportedly do not have access to patient information, including past medical records, records for newly admitted patients, and medical test results such as CT scans and X-rays.

The cyber criminals behind the ransomware attack have reportedly demanded payment of 9,000 bitcoins, worth about $3.6m, but the hospital has confirmed only that the attack took place and that all medical records are safe.

The hospital has not revealed how the ransomware infected its network or what kind of ransomware was used.

News of the US hospital attack comes just two weeks after Lincolnshire County Council in the UK was hit by a similar attack.

Initial reports said the attackers had demanded a £1m ransom, but the council later confirmed a ransom of only about £345 and said that at no point had it considered paying.

Cyber extortion is a growing threat to companies around the world, but the extent of the practice is largely hidden because many firms just pay up and keep quiet, say security experts.

As with Lincolnshire Council, hospital officials in the US said the attack appeared to be random rather than specifically targeted at the hospital.

The US attack is still under investigation by the FBI, Los Angeles Police and private computer forensics experts.

4 comments

I'm curious as to how the infection occurred. Was it mobile devices that were not authorized to the network? Medical devices attached to the network? I am afraid of what could have really happened if they took control of network medical devices. I only hope they have good backups and DR plan.

That's awful. For the patients, it wasn't just an inconvenience, but could have been detrimental to their health. Doctors wouldn't be able to make the best decisions without having access to patient records.

With the IoT happening so fast today, this is a scary situation. Ransomware may have just been a preliminary attack to test their network security. Apparently it failed. Unless the hole or exploit is fixed I can see others happening.

This is why certain institutions, like hospitals, should have isolated networks. Whatever devices they run, it must stay within the bubble.
