A hospital in Hollywood, California admits it paid a ransom of more than AU$23,700 to hackers who took control of the medical facility's computers and threatened to wipe the data unless they were paid.

The hackers used an invasive app known as ransomware to infect systems at Hollywood Presbyterian Medical Center, just a stone's throw off of Hollywood and Sunset Boulevards in America's entertainment capital on 5 February.  Staff had to get through a week without access to their email and some patient data, while computers essential for various functions, including CT scans, documentation, lab work, and pharmacy needs were kept offline.  Workers turned to pens and paper for their daily record-keeping.

 

Earlier reports said the hackers demanded the ransom be paid in 9000 Bitcoins worth about US$3.4 million, but Hollywood Presbyterian CEO Allen Stefanak released a statement denying this:  "The amount of ransom requested was 40 Bitcoins, equivalent to approximately US$17,000," he wrote.

With some of the more serious patients forced to transfer to other hospitals, Stefanek says officials made the decision to pay off the bad guys.

"The malware locks systems by encrypting files and demanding ransom to obtain the decryption key," he wrote.  "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.  In the best interest of restoring normal operations, we did this."

The FBI has taken control of the investigation.  It appears the Bitcoin ransom was paid before law enforcement was brought in.  Ransomware attacks have been pulled off before, but not at a major metropolitan medical center.

"I have never heard of this kind of attack trying to shutdown a hospital," said Phil Lieberman, a cyber security expert.  "This puts lives at risk and it is sicking to see such an act," he added.  "Health management systems are begin to tighten their security."