A Californian hospital struck by a ransomware infection which resulted in it being forced to cancel patient appointments has admitted it paid a $17,000 ransom to have key files decrypted.
The Hollywood Presbyterian Medical Center made headlines this week when it emerged that unnamed ransomware had effectively forced a lock down of IT systems.
Staff are said to have declared an internal emergency when it hit on 5 February and were forced to use pen and paper and fax machines as email and online patient records were inaccessible.
Reports at the time suggested lab work, X-rays and CT scans were affected, with outpatients forced to miss treatment and some patients even sent to other hospitals.
However, in a lengthy statement on the matter yesterday, hospital president and CEO Allen Stefanek argued that patient care had “not been compromised in any way.”
Original reports of a 9000 BTC ($3.8m) ransom being demanded were wide of the mark – the actual amount was a more modest 40 BTC ($16,880).
The hospital ended up paying that to the cyber-criminals behind the attack.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” said Stefanek.
“HPMC has restored its electronic medical record system (‘EMR’) on Monday, February 15th. All clinical operations are utilizing the EMR system. All systems currently in use were cleared of the malware and thoroughly tested. We continue to work with our team of experts to understand more about this event.”
Given that law enforcers from the FBI and LAPD were said to have been drafted in to investigate the attack, it seems that their advice was to pay the ransom – hinting that the variant used was one which couldn’t be cracked, like Cryptowall.
In fact, it was reported last year that an FBI cyber specialist and assistant special agent told attendees at a conference that some ransomware is so good at encrypting files that “we often advise people just to pay the ransom.”