A hospital in Los Angeles held hostage by malicious software for nearly two weeks has relented and paid hackers $17,000 worth of bitcoins in order to unlock important data. But while that resolves the most high-profile incident yet involving so-called ransomware, the tactic, which involves infecting a network, encrypting data, and demanding a ransom for unlocking it, is only growing in popularity. And cyberattacks on health-care facilities are on the rise.
Hospitals are getting hacked more often for several reasons. Many have converted or are in the process of converting paper records to digital ones, and the data in those records includes personal information that can fetch a healthy price in illegal data markets. Further, data security is commonly not prioritized highly enough in health-care facilities; systems are often out of date or not properly maintained, and the need to access data quickly in urgent situations can trump security.
Officials from the hospital that was attacked this time around, Hollywood Presbyterian Medical Center, claim there is no evidence that any data was stolen from the network. But the episode illustrates the power of ransomware, one of a range of sophisticated cyberweapons available to criminals looking to attack the industry.
Things could get worse before they get better. As hospitals add more connected devices to their networks, they potentially create more ways for hackers to get in. And the push for more personalized medicine—in particular, patients' demands for more and better access to their records—is likely to raise even more security-related challenges.