The Hollywood Presbyterian Medical Centre has spent the last week crippled by a ransomware attack that has left multiple critical systems offline. Law enforcement agencies are scrambling to uncover the identities of the hackers, and in the mean time the attackers are asking for 9000 BTC – which is worth about RM15 million.
There is no information about the type of ransomware that is currently affecting the HPMC, although it looks like the typical version that simply encrypts entire hard drives and demands a ransom in exchange for the private key necessary to read the data. At the moment, staff at the hospital have had to resort to using old fashioned pen and paper to record patient information; other patients have been moved to other facilities as the systems needed for CAT scans and lab work have been affected by the cyberattack.
Hospital president and CEO Allen Stefanek has declared the event an internal emergency. Pharmacy systems have been offline, and the malware has been interfering with the emergency room.
It is one thing for hackers to target hotels and banks to make a quick buck, but crippling an entire hospital is crossing a line from petty criminal to outright villain. This is quite likely the worst case scenario for the hospital, and highlights the need for proper cybersecurity defences – or just training staff to avoid clicking on those suspicious links.