A Californian hospital has been forced to cancel appointments and send patients to other hospitals after what appears to have been a ransomware attack brought its computer systems to a grinding halt.
The Hollywood Presbyterian Medical Center declared an “internal emergency” on Friday 5 February after “significant IT issues,” CEO Allen Stefanek said, according to local reports.
The emergency department was hit and staff were forced to return to fax machines and pen and paper as they had no access to email or online patient records.
Aside from access to patient records, the downtime apparently hit lab work, X-rays and CT scans, leading to some outpatients being forced to miss treatment.
Some reports are claiming the attackers are after around 9,000 BTC ($3.6m) in return for decrypting key files.
It’s not clear whether the issue has been resolved yet, although the FBI and LAPD have apparently been called in to investigate.
The incident highlights the potentially serious impact ransomware can have outside the world of IT.
ESET security specialist Mark James warned that systems can take a long time to restore after a ransomware attack.
“Good system backups will of course help but for this industry stopping it before it gets in is the priority. Typically in these situations the operating systems used are older and maybe outdated. Patching could cause downtime and may seemingly cause ‘more trouble than it’s worth’ but it’s a fact of computing these days and it has to be done,” he told Infosecurity.
“Segregating the network data and using a good regularly updated internet security product along with staff and user education on the current attack methods will help to keep infection down to a minimum.”
Meanwhile, David Gibson, VP of strategy at Varonis, argued that ransomware can be “hard to spot and harder to recover from” if IT staff don’t log what users are doing with file share data.
“Detecting and arresting ransomware requires an inside-out security approach. IT security must look to block phishing emails or at least educate employees about this threat, restrict access to social media, monitor network connections to known Command and Control (C2) URLs/IP addresses, and watch for malicious processes,” he told Infosecurity.
“But the real key to fighting ransomware is to take a closer look at what the attackers are after: these are the files and emails that employees create and view every day. This unstructured data is the largest data set in most organizations, often the most valuable, and, unfortunately, the least controlled.”
Brendan Griffin, threat intelligence manager at PhishMe, warned that phishing attacks can sometimes contain malicious links leading to a ransomware download.
“Technology alone cannot stop these threats and having a security team reliant on that technology is not going to prevent this kind of human error – it takes all hands on deck,” he told Infosecurity.
“While having a security team would have possibly helped in this instance, it still wouldn’t provide the most comprehensive security measures possible, as it neglects the utility of having staff that are ready and enabled to prevent these threats.”
Paul Edon, director at security firm Tripwire, added that ransomware incidents are only set to increase as cybercriminals make use of ransomware-as-a-service offerings available on the darknet.
“The single most important thing to help recover from a ransomware attack is a well-practiced and regularly updated off-line backup,” he told Infosecurity.
“Additionally, I would recommend ensuring software updates and patches are deployed in a timely fashion, RDP is disabled on those devices where it is not absolutely necessary for business, all email should be filtered and .EXE attachments quarantined. And finally work with a reputable security vendor/consultancy to ensure you are following industry best practices.”