Thieves terrorize. Hospital held hostage. Computers are down

by | Feb 18, 2016 | Business Continuity

California hospital held hostage, but it isn’t what you think.

By now you have probably heard about the Hollywood Presbyterian Hospital in Los Angeles, CA is at the center of a hostage situation. However, the assailants haven’t taken the patients or staff hostage (that would be cruel), just the hospital’s computer system. Can you believe it. . .a hospital held hostage and no we aren’t watching Grey’s Anatomy.

It has been about two weeks since the hackers took over the computers, leaving nurses, doctors and administrators to conduct business with a pad and paper. That is both comical and scary at the same time. Comical since we are in 2016 and who does anything offline, but also because it is so easy for a major, US medical institution to be taken down. However, the scary part is that I would imagine data in a hospital is paramount. You need a record of patients medical history available at the ready and by not having it available lives may be at risk– in addition to the administration that is required to keep a hospital like Hollywood Presbyterian up and running.

Of course, the hackers understand the hospital’s critical need of data and requested about $17,000 in untraceable bitcoins for its return. The attack used “ransom-ware” — malicious software that encrypts files which can only be unlocked with a software “key” after a ransom is paid. Sadly, the hospital didn’t have a sound backup and recovery system and really had no choice but to pay.

Below is the official statement from the hospital:

The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.

Of course, the hospital is now back up and running and they are “working with a team of experts to understand more about this event”.  That’s all good–and perhaps they discover there was nothing they could have done or foreseen to thwart the attack.

YOU MIGHT ALSO LIKE:  Inside a Sample Company Business Recovery Plan

However, while you may not be able to prevent such an attack, there is really no excuse for being so unprepared to recover your systems that you are forced to operate with a pen and paper for weeks?! There is affordable technology available that can reboot systems in as little as :06. Shame on you, Hollywood Presbyterian. I hope the next hospital held hostage has a better disaster recovery system.

Tracy Rock is the Director of Marketing at Invenio IT. Tracy is responsible for all media-related initiatives as well as external communications—including, branding, public relations, promotions, advertising and social media. She is one busy lady and we are lucky to have her!

subscribe

Business Continuity Newsletter

Join over 17,000 subscribers and receive weekly business continuity news, tips & advice to protect your business.

You have Successfully Subscribed!