Skip to Content

Hospital Forced Back to Pre-Computer Era Shows the Power of Ransomware

Patients had to be moved from a Los Angeles hospital struck by malware that encrypts data and demands money to unlock it.
February 16, 2016

Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. Ransomware, as it is known, now looks to have scored its highest-profile victim yet.

Hollywood Presbyterian Medical Center in Los Angeles was infected by ransomware more than a week ago. The software locked up files throughout the hospital’s IT system and, according to unconfirmed reports, demanded 9,000 bitcoins, more than $3 million, for their return.

The hospital’s computer systems have been shut down ever since. Staff, stuck using paper and fax machines, have struggled to care for patients without access to e-mail or medical records. Some patients have been transported to other hospitals.

Hospitals and other health organizations are sometimes targeted by criminals who want to access medical records for identity theft. But the CEO of Hollywood Presbyterian Medical Center told a local news station that the attack was “random.” That suggests his facility has been hit by one of the many strains of ransomware circulating online, spread through spam e-mails and infected Web pages. It also suggests that the ransom demanded was not really over $3 million, as ransomware typically demands far smaller sums.

Hollywood Presbyterian Medical Center in Los Angeles.

The ransomware business model has turned out to be a blockbuster. Security company Bromium estimates that the incidence of attacks doubled in 2015. One leading ransomware package, Cryptolocker 3.0, brought in an estimated $325 million in 2015 alone, according to a group of companies working together at the Cyber Threat Alliance.

Ransomware typically uses standard encryption protocols like those used to legitimately lock up data, which are for practical purposes unbreakable. The ransom demanded is usually around $500 and requested in bitcoins, making it easier for the criminals to collect their money without detection.

The latest ransomware makes use of the Tor anonymity network to prevent its operators from being traced. Some use a “freemium” business model: a victim is allowed to decrypt some data for free to demonstrate that the rest can be returned if he or she pays up.

Many victims do end up paying the ransom—44 percent by one estimate—because once your data has been locked up, there’s not much else you can do. Having good backups that are kept isolated from the main system is the only real way to recover data after ransomware has struck. Some ransomware is able to find and encrypt backups when it infects a system, however.

Hollywood Presbyterian Medical Center is not the first public service body to be crippled by malware. A Mississippi school district had its systems taken down by ransomware earlier this month. Many local police departments in the U.S. have also been hit. Last year, police departments in Massachusetts and Maine even ended up paying roughly $500 apiece to get their data back.

(Sources: NBC LA, Fox LA)

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.