A few days ago, we told you about a serious cyberattack at Hollywood Presbyterian Medical Center in Los Angeles. The hospital had gotten a ransomware virus on its systems, which had locked up all its patient records and other computer files.
The hackers behind the attack set the ransom for getting the files back at $3.6 million, or 9,000 bitcoins. For 10 days, hospital workers were doing everything by hand, and many patients had appointments canceled or were directed to other hospitals. Now, the situation seems to be resolved, but not in the way you'd hope.
Hollywood Presbyterian ended up paying off the hackers, although in the end it only paid 40 bitcoins, worth around $17,000. The hackers apparently decided to just take what they could get.
Still, this situation reveals a few things that should worry you. The first is that even with help from the FBI and security companies, the hospital couldn't defeat ransomware. It drives home the fact that ransomware is becoming one of the biggest security threats out there. That's why it's a good idea to make sure it never gets on your computer in the first place.
Second, the situation suggests that the hospital probably wasn't backing up its files. Otherwise, it could have wiped its computers and refreshed everything without paying.
True, that might have cost more time and money than it ended up spending to just unlock the files, so paying could have been the more efficient option. However, it's going to encourage hackers to try this tactic more frequently with other institutions. If you have a business, make sure you're prepared for the worst in a ransomware attack.
Third, this incident shows that electronic medical records can be just as vulnerable, if not more so, than the older paper records. What if your doctor's office only has one copy of your medical records and they get locked for good, or destroyed in a computer crash? There goes your entire medical history.
That isn't to say that electronic medical records are bad, but many hospitals are still getting the hang of using them. They don't have the experience in data storage and security that major tech companies do. And it looks like they need to learn fast.
Want to make sure your medical records are under your control? Check out three apps that let you create and store medical records locally.
Do you think the hospital was right to pay off the hackers? Let us know your thoughts in the comments.