Hack at hospital raises concerns

Associated Press

LOS ANGELES

Cybersecurity experts worry that the $17,000 a Los Angeles hospital paid hackers to regain control of its computers could signal a troubling escalation of the growing “ransomware” threat.

Though patient care was not “compromised in any way,” Hollywood Presbyterian Medical Center paid the bounty “in the best interest of restoring normal operations,” President Allen Stefanek said in a written statement.

A typical attack starts when a person opens an emailed link or attachment. Malicious code locks the computer – or, worse, an entire network. Victims pay hackers for a “key” to unlock their machines – and may be desperate to do so if they have not diligently backed up their data and networks.

Many ransomware victims pay quietly, or abandon infected machines. It was unusual that Hollywood Presbyterian, which has more than 400 beds and is owned by CHA Medical Center of South Korea, both revealed the attack publicly and disclosed its cost.

Computer security experts said hospitals are particularly vulnerable because some medical equipment runs on old operating systems that cannot easily be safeguarded. If an employee opens an infected file from a computer that also connects with a patient monitoring station or insulin pump, those devices also could be locked.