Hospital paid hackers $17,000 to unlock its data, but it could have been a lot worse

Hospital paid hackers $17,000 to unlock its data, but it could have been a lot worse
Credit: HPMC / Facebook

Hollywood Presbyterian Medical Center (HPMC) revealed in a statement (PDF) today that it paid hackers $17,000 in Bitcoin to unlock its files after the attackers used malware to encrypt and hold them for ransom.

The hospital noticed issues on its network on February 5 and managed to restore its systems by February 15. That means its staff couldn’t rely on electronic medicals and communication facilities for more than a week.

While HPMC says that this incident didn’t affect the delivery and quality of the care patients received, the situation could certainly have spun out of control and affected their well-being.

The hospital was lucky — extremely lucky — to have been able to pay a paltry sum for restoring its data. Initial reports claimed that the hackers demanded a cool $3.6 million in ransom and it’s a miracle that the hackers actually only asked for a fraction of that.

Plus, the attackers could well have asked for larger amounts once they saw that HPMC was powerless and willing to pay up. And there was never a guarantee that they would hand over the necessary decryption key once they’d got what they wanted.

Hackers are always looking for new ways to breach security systems, and it may never be possible to completely protect your network from attack. But there are things you can do to prevent your data from being taken hostage, such as frequently backing it up and using anti-ransomware tools like the one Malwarebytes recently released.

At present, hackers prey on the high level of dependence that institutions have on their existing networks and data setups. By reducing the amount of harm they can do with a single attack, you can avoid situations like the one HPMC faced.

As they say, prevention is better than cure.

➤ Memo from the CEO (PDF) [Hollywood Presbyterian Medical Center]

Read next: The creators of the Web are working on a way to kill passwords