Cybercriminals have discovered how to hack into the computers of America’s hospitals and even hold entire medical centers for ransom, locking doctors and nurses out of systems and also obtaining private medical records.
In one stunning example, the staff of Hollywood Presbyterian Medical Center (California) was unable to use the facility’s computers after hackers infected them with a kind of malware known as ransomware on February 5. The only way to get access to the computers was to pay the hackers $17,000 worth of Bitcoins, which hospital officials did.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key” Allen Stefanek, chief executive of Hollywood Presbyterian Medical Center, told The Los Angeles Times. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
The hospital’s action received little nationwide attention and could mark an escalation in hackers’ attempts to infiltrate hospital computers.
“I have never heard of this kind of attack trying to shut down a hospital,” cybersecurity expert Phil Lieberman told The Times. “This puts lives at risk, and it is sickening to see such an act.”
The FBI is investigating the incident at Hollywood Presbyterian but did not reveal any suspects, The Times reported. What is truly frightening is that this was not the only attack on a hospital.
Methodist Hospital in Henderson, Kentucky, was thrown into a state of emergency on March 16 when ransomware made part of its computer network useless, CNN reported. As in Hollywood, hackers locked hospital staff out of their own computers and demanded Bitcoins.
Staff at Methodist shut down the infected part of the network and relied on backup copies until the ransomware was removed. Some of the hospital’s data may have been lost in the attack, which kept computers locked for five days.
Several other hospitals in the US were hit by ransomware that locks staff out of documents and data — such as a patient records — in February and March, CNN said.
“[Hospitals] have critical information and money to pay,” said Ed Cabrera, an executive at security software maker Trend Micro. “They’re seen as easy targets.”
Trend Micro had predicted that 2016 will be the “year of online extortion.” Hospitals could be among the biggest targets because they often store critical information in old computer systems with outdated security.
Another problem is that hospitals have large staffs composed of people who are not necessarily tech-savvy. The systems at Methodist Hospital were infected by ransomware that was attached to a simple email, opened by a staff worker.
What is your reaction? Do you believe hackers are a legitimate threat to personal data and America’s infrastructure? Share your thoughts in the section below: