Cyber attack snarls Los Angeles hospital’s patient database

The sign of the Hollywood Presbyterian Medical Center is pictured in Los | Wed Feb 17, 2016 2:21am EST

The FBI is investigating a cyber attack that has crippled the electronic database at Hollywood Presbyterian Medical Center for days, forcing doctors at the Los Angeles hospital to rely on telephones and fax machines to relay patient information.

The origin of the computer network intrusion was unknown but since it began late last week has bogged down communications between physicians and medical staff newly dependent on paper records and doctors’ notoriously messy handwriting, doctors and a Federal Bureau of Investigation spokeswoman said on Tuesday.

“It’s right there on paper, but it may not be legible,” Dr. Rangasamy Ramanathan, a neonatal-perinatal specialist affiliated with the 434-bed facility, said. “The only problem is doctors’ writing.”

Although the cyber attack has snarled the hospital’s patient database, doctors have managed to relay necessary medical records the old-fashioned way through phone lines and fax machines, Ramanathan said.

The FBI is seeking to pinpoint hackers responsible for the intrusion, FBI spokeswoman Ari Dekofsky said. She declined to release further details.

Allen Stefanek, the hospital’s president and CEO, told Los Angeles television station KNBC-TV the hospital declared an internal emergency on Friday, after encountering significant information technology problems due to the hack.

A spokeswoman for the hospital could not be reached for comment. (Reporting by Alex Dobuzinskis; Editing by Lisa Shumaker)



California hospital makes rare admission of hack, ransom payment | | Fri Feb 19, 2016 1:57pm EST

(Correcting 12th paragraph of story published Feb. 18 to remove extra word “is” in quote from Symantec’s Bob Shaker)

By Alex Dobuzinskis and Jim Finkle

While it was not the first hacked organization to acquiesce to attackers’ demands, the California hospital that paid $17,000 in ransom to hackers to regain control of its computer system was unusual in one notable way: It went public with the news.

Hollywood Presbyterian Medical Center relented to the demands, President Allen Stefanek said, because he believed it was the “quickest and most efficient way” to free the Los Angeles hospital’s network, which was paralyzed for about 10 days.

That announcement sparked fears Thursday among hospitals and security experts that it would embolden hackers to launch more “ransomware” attacks and calls in California for tougher laws.

“It’s no different than if they took all the patients and held them in one room at gunpoint,” said California State Senator Robert Hertzberg, who on Thursday introduced legislation to make a ransomware attack equivalent to extortion and punishable by up to four years in prison.

Usually embarrassment and a desire to discourage hackers keep attacked companies quiet. Hollywood Presbyterian did not say why it made the disclosure, but its hand may have been forced by spreading rumors a week after the hack. Stefanek confirmed the cyber attack after at least one doctor appeared to have told local media.

In addition, he disputed media reports the 434-bed hospital had faced a ransom demand of $3.4 million, far more than the amount paid in the hard-to-trace cyber-currency bitcoin.

In a ransomware attack, hackers infect PCs with malicious software that encrypts valuable files so they are inaccessible, then offer to unlock the data only if the victim pays a ransom.

The hack at Hollywood Presbyterian forced doctors to use pen and paper in an age of computerization. News reports said its fax lines were jammed because normal e-mail communication was unavailable, and some emergency patients had to be diverted to other hospitals.

Investigators said administrators were so alarmed that they may have paid ransom first and called police later.

Medical facilities in the area plan to consult cyber security experts on how to protect themselves, the Hospital Association of Southern California said. “Hospitals are certainly now aware of ransomware more than they ever were before, and this has become a very real threat,” said spokeswoman Jennifer Bayer.

Some experts said ransomware encryption can be so hard to crack that victims feel they have little choice but to pay if they want their systems back. The hackers’ success could also prompt other hospitals to make quick payments to avoid the disruption and bad publicity Hollywood Presbyterian faced.

“Our number one fear is that this now pretty much opens the door for other people to pay,” said Bob Shaker, a manager at cyber security firm Symantec Corp.


He knew of at least 20 other attacks on healthcare facilities in the past year and hundreds more in other industries that had been kept secret.

Some of those put patients at risk and affected infusion pumps that deliver chemotherapy drugs, risking patient overdoses, he said.

Because hackers hide their identities and demand payment in bitcoin, authorities may have to work harder to find them than if they used old-fashioned methods.

But cyber-crime experts say that they can still be traced.

“The public nature of the network does give law enforcement an angle to help defeat them,” said Jonathan Levin, co-founder of Chainalysis, a New York company working with bitcoin users. “But it’s a game of cat and mouse.”

Ransomware is big business for cyber criminals and security professionals. Although ransoms typically are less than the hospital paid, $200 to $10,000, victims of a ransomware known as CryptoWall reported losses over $18 million from April 2014 to June 2015, the FBI said.

Ransomware attacks climbed sharply in 2014, when Symantec observed some 8.8 million cases, more than double the previous year. IBM said that last year more than half of all customer calls reporting cyber attacks involved ransomware. (Editing by Sharon Bernstein and Cynthia Osterman)




Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:


You are commenting using your account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: