Hollywood Presbyterian Medical Center paid a roughly $17,000 ransom in Bitcoins to free itself from a cyberattack that crippled its internal computer system, the hospital’s president said Wednesday.
The attack began Feb. 5, preventing hospital staff from accessing selected computer systems and blocking electronic communications, according to hospital President/CEO Allen Stefanek.
“Law enforcement was immediately notified,” he said. “Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online.”
In the end, however, the hospital wound up paying a ransom demand to get its systems unlocked.
“The reports of the hospital paying 9,000 Bitcoins or $3.4 million are false,” Stefanek said. “The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000. The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
Stefanek said the hospital’s electronic medical record system was restored on Monday, and all of its clinical operations are using the system.
“All systems currently in use were cleared of the malware and thoroughly tested,” he said. “We continue to work with our team of experts to understand more about this event.”
Both the FBI and the Los Angeles Police Department were investigating the cyberattack. Hospital officials stressed that patient care was not compromised by the attack.
“Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access,” Stefanek said.
— Wire reports