This Hollywood hospital didn’t back up its data? “Ransomware” payday for evil hackers

That’s so Evil. But why didn’t Hollywood Presbyterian Medical Center simply initiate its DR plan? Oh…


Hollywood Presbyterian Medical Center was forced to pay a ransom if it wanted its critical data back from hackers who encrypted its computers. The hospital’s CEO announced he’d spent around $17,000 in Bitcoin—after a week of failure to restore important health data, email, and other critical stuff, presumably.

In other words, it appears the hospital failed with its disaster-recovery (DR). Looks like it either didn’t have backups, or the restore failed.

Oopsy daisy, hashtag-fail, oh noes, etcetera. In IT Blogwatch, bloggers see a lesson for all of us: Backups aren’t backups unless you can restore them! Not to mention: My mom is an avacado

Your humble blogwatcher curated these bloggy bits for your entertainment. [Developing story: Updated 10:40 am PT with more comment]

What’s the craic? Steve Ragan gets salty—Ransomware takes Hollywood hospital offline:

The computers at Hollywood Presbyterian Medical Center have been down for more than a week as [it] works to recover from a Ransomware attack. The network is offline and staff are struggling to deal with the loss of email and access to some patient data, forcing staff to rely on fax machines and telephones.

Staff have been told to leave their systems offline. Sources who spoke to [local TV gave] descriptions matching a typical Ransomware infection.

In a statement, the hospital confirmed that a ransom was paid in order to return the network to working order. “The amount of ransom requested was 40 Bitcoins, approximately $17,000. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom.”

Here’s a local take. Courtesy of Richard Winton—Hollywood hospital pays $17,000 in bitcoins to hackers who took control of computers:

Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to a hacker who would give back access only when the money was paid, the hospital CEO Allen Stefanek said.

The hospital said it was able to restore all its computer systems. Stefanek said patient care was never compromised, nor were hospital records. The 434-bed short-term acute care hospital on Vermont Avenue is owned by CHC of South Korea.

Bring on the snark. Cory Doctorow tries—Hackers steal a hospital in Hollywood:

In some ways, [the] Medical Center got very lucky. The hackers haven't taken over the firmware for things like CT scanners and bricked them. [But] patients [were] transferred to other facilities.

What can other IT people learn from this débâcle? Here’s Jared Kaufman:

This is why a policy of good, regular data backups (and regular restore/DR testing) is critical. Generally we have data unlocked and available within a few hours at most.

There may be data missing from the last 24 hours, but with the nature of ADT (Admission, Discharge, Transfer) data interfaces, that data can be played back into the affected systems.

Yes, back up your stuff, kids. And test your backups as part of a DR plan. Mark Hagland asks many, many questions—Does the Hollywood Presbyterian Hack Represent a Frightening New Chapter in Healthcare Cybersecurity?:

What forms of cybersecurity and data security were in place? Was the patient data in the electronic health record encrypted at rest?

What kinds of phishing training has taken place for end-users? Does the hospital have a CISO and what kinds of human and other resources does the CISO have?

Did the hospital have any kind of data replication in place? Did the hospital have a comprehensive disaster recovery and business continuity plan?

This whole situation raises the specter of our collective entry into a frightening new world. The dangers are becoming more menacing all the time. And independent community hospitals like [this] are particularly vulnerable.

The human element remains preeminent here if the hackers were able in any way to involve hospital employees in their terrible scheme. Perhaps this incident might serve as a wake-up call for IT leaders across U.S. healthcare.

Things are becoming more and more frightening every day. It will take very hard work to address this tsunami of cyberthreats in our industry.

Update: Advice: We need it. JP Buntinx obliges-No One Should Ever Pay to Remove a Bitcoin Ransomware Infection:

Ransomware attacks will only occur due to a mistake by the end user. Computer users need to stop clicking unknown links.

Secondly, there is no need to install new software when prompted to do so. If a popup appears to install additional software, click it away or leave the site immediately.

But when disaster strikes, there is still no need to start panicking. Rather than paying the ransomware fee itself, one can just regain access by reverting to a backup before the infection. [It] saves a lot of time and money.

Even if one were to pay, there is no guarantee the hacker will give the decryption key to restoring access to one’s files. [There’s] no excuse to justify paying.

And Finally…

My mom is an avacado
[at least, I think that’s what she said]

You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or
Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

Copyright © 2016 IDG Communications, Inc.
