Slashdot Mirror


Hackers Demand $3.6 Million From Hollywood Hospital Following Cyber-Attack (softpedia.com)

An anonymous reader writes: "The Hollywood Presbyterian Medical Center has been hit by a cyber-attack and its systems are now being held hostage by hackers that are demanding a ransom of 9,000 Bitcoin, which is about $3.6 million (€3.2 million) in today's currency. Management has forbidden staff to turn on their computers, fearing the attack might spread, and the Radiation and Oncology departments have been completely shut down because they can't use their equipment." The staff were also forced to use fax machines rather than email, and to write down patient data on paper; patients had to come in in person for results.

22 of 212 comments

  1. Restore from backup by hawguy · · Score: 4, Insightful

    Isn't this what backups are for? Wipe the infected computers and restore from backup. A few days of lost data seems less disruptive than weeks of no computers at all.

    1. Re:Restore from backup by Antique Geekmeister · · Score: 4, Insightful

      If you get re-infected within moments by other infected machines, the backups don't help much. I've seen a partner infested this way, and it was horrible.

    2. Re:Restore from backup by Antique Geekmeister · · Score: 4, Insightful

      If you don't have the list of software keys, or the licenses, to reinstall from scratch, and if you don't have the staff with the tools to re-image systems swiftly, rebuilding the systems from scratch is a herculean job and you *will* lose vital patient data. If you don't have the tools, the systems *will* get re-infected while you're reinstalling them. Been there, done that, it's why I never run the basic backup systems on Windows.

    3. Re:Restore from backup by Anonymous Coward · · Score: 3, Insightful

      Most likely ransomware (which can be very pervasive) and has spread to hospital equipment that was never secured or backed up, no-one thinks to back up data on a pain-pump or a smart-bed, all have software so theoretically can be infected or at least be a hiding place.

      Backups may not be enough, might have to do a full wipe of everything connected, while the patient files should be ok so much will be lost because no-one thought it would happen. (assuming they have a good backup system, or have practiced an emergency data restore, from experience, managers look at you like you're a fool when you mention you need to have a crisis data restore drill and training)

    4. Re:Restore from backup by Nethemas the Great · · Score: 4, Interesting

      Hospital IT are far less organized and far less competent on average than you would expect given the nature of the business they're charged with safeguarding. The regulatory environment also disincentivizes timely patching of security vulnerabilities within devices under the stricter regulatory classes. That is to say--in a simplified nutshell--anything involved in the treatment and/or diagnosis of patients.

      --
      Two of my imaginary friends reproduced once ... with negative results.
    5. Re:Restore from backup by Antique Geekmeister · · Score: 4, Insightful

      Yes. It is. Starting with a copy of "dban", downloaded on a Linux laptop in a local coffee house and applied to our disks, or using a simple live Debian or CentOS or even OpenBSD DVD image, can be a start. But getting anything _alive_ that can handle patient data, however, can be pretty iffy. Windows machines can be re-infected in the process of re-installation in an infested local environment. Dealing with several hundred such systems that handle doctor's schedules, patients' care plans, or handle prescriptions and billing and correspondence and mortgages and health insurance records is an absolute nightmare.

      Can you burn your own home to the ground and rebuild from scratch? Certainly. Can you do this with a hospital without killing anyone who has regularly scheduled kidney medicine, who is scheduled for surgery on Tuesday, or who needs immunization records or simply needs allergy records before transferring schools? That is a nightmare.

    6. Re:Restore from backup by KGIII · · Score: 5, Insightful

      I lost data once and only once. Well, a significant amount of data. I've had crashes with not-yet-saved documents that took out trivial amounts but that doesn't even happen any more. You're not only correct, you're spot on.

      One other thing to add - without verifying your backup - you have no backup at all. That includes a restoration strategy, that's part of the verification process. That includes having the ability to put a fresh system up, while the system is down, and have it isolated to access tools for recovery (such as updated patches).

      My loss of data was infuriating and bizarre. I've been very anal about keeping backups ever since. To this day, even for my personal data, I keep regular updates at disparate locations and provision the same services for my friends. It's all fairly automated at this point but I still test the recovery often enough to know that I shouldn't ever lose any valuable data ever again.

      Hardware, software, and bandwidth are cheap. They're cheap enough to be considered ubiquitous and there's no excuse for me to not do this. It is not expensive and doesn't even require physically moving the data on a regular basis. With a little bit of initiative, you can even automate a good portion of it. (I've not really found a good way to do the verification completely automatically from within the OS. I've not yet found one that I can really be certain of so I do verifications on my own.)

      --
      "So long and thanks for all the fish."
    7. Re:Restore from backup by sentiblue · · Score: 2

      Anything with some kind of operating instructions can be compromised and instructed to do things beyond its operations scope... so yes, a stupid printer can be used as a hacking tool.

      Now my opinion about the hackers: They should go steal shit from somewhere else like the bank where there's lots of money. Disrupting a hospital can lead to patient deaths... and when these hackers get caught, they should ALL get death sentences regardless if there has been any patient fatalities.

    8. Re:Restore from backup by cranky_chemist · · Score: 4, Insightful

      "... when these hackers get caught, they should ALL get death sentences regardless if there has been any patient fatalities."

      This was an ill-conceived attack on the hackers' part.

      If any patient dies in connection with this attack, then it puts murder charges on the table. And the thing about murder is that there's no statute of limitations. Thus, these guys will be looking over their shoulders for the rest of their lives.

      All for MAYBE $3.6 million in Bitcoin.

    9. Re:Restore from backup by ColdWetDog · · Score: 2

      I keep telling you people. Trying to make an analogy without using automobiles as a reference point is like trying to fry a fish with a tape recorder.

      --
      Faster! Faster! Faster would be better!
    10. Re:Restore from backup by Applehu Akbar · · Score: 2, Insightful

      "If any patient dies in connection with this attack, then it puts murder charges on the table. And the thing about murder is that there's no statute of limitations. Thus, these guys will be looking over their shoulders for the rest of their lives."

      I've said it before: If the NSA is as good at mass surveillance as is being claimed, why aren't we seeing them finding ransomware purveyors and strangling them with their own intestines? It would give them the positive publicity they have been waiting for.

  2. Wait by symes · · Score: 4, Funny

    So wait until next week when that 9000 BTC is worth $1.50, but not until the week after when it will be worth three times that.

  3. Who handles their IT? by beheaderaswp · · Score: 4, Informative

    I'd like to know who handles their IT?

    Contractor? Imports? If they cannot turn their computers on.... are they pulling the drive to access the data on clean airgapped computers?

    I'd bet they have a marginal IT staff and a bunch of managers. Would be typical.

    --
    Another consultant who stuck it out.

    "We are the Priests, of the Temples of Syrinx..."
  4. The criminals just made a huge mistake by Harlequin80 · · Score: 4, Insightful

    They picked the wrong target. If you hit a small business it's easier to pay. If you hit a large business you pay because you don't want people to find out. You hit a hospital though and people could die and it is very very public.

    Right about now there will be a whole lot of resources targeted towards finding these people. They are fucked.

  5. Re:Sorry by Barny · · Score: 4, Insightful

    Interesting point, but you do realise that to the rest of the world, America is the "1%"?

    --
    ...
    /me sighs
  6. Re:Take 'em out by Anonymous Coward · · Score: 2

    Who? The execs who cut IT budgets?

  7. Replace systems entirely by sentiblue · · Score: 4, Interesting

    IBM and Apple are partnering to create an entire new system for hospital management.

    It has an extremely protected back end and a very difficult to infect front-end: The iPad.

    I challenge hospitals in this country to do the switch... at least get in with a POC/Beta program.

    1. Re:Replace systems entirely by Anonymous Coward · · Score: 2, Insightful

      Anything with IBM involved will be 10 times the price with a timeline to delivery sometime in 2099 if it ever works at all. I would warn any organisation about dealing with such a set of companies (and have done in the case of IBM).

  8. Pay Attention IoT! by Irate Engineer · · Score: 4, Insightful

    Isn't health care practically the highest critical tier of the "Internet of Things"? We can't even motivate ourselves to properly secure medical data, literally life and death stuff, even after they get pwned like this. The folks on the IoT bandwagon actually want to hitch more of our daily technology to the Internet, things with even lower security motivation? Sorry, IoT is dumb beyond belief. We really need to be working on air-gapping and unplugging a lot of stuff from the Internet. Some things should never, ever get plugged into the Internet, convenience be damned. For other things, maybe they can be plugged in, if a rock solid security apparatus is in place and you still maintain the ability to recover from a breach, acknowledging that it can still happen.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  9. Re:Sorry by lgw · · Score: 2

    Why is it that the victims of an attack take all the blame for an attack such as this one?

    If you're just walking along, minding your own business and get attacked by surprise, your attacker takes all the blame.

    If you're a military sentry walking your patrol and get attacked by surprise, you are to blame, because alertness is your entire job.

    If you operate key infrastructure, you're somewhere in between these cases, and some blame attaches to you if you're successfully attacked.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  10. In Soviet Russia... by Thor Ablestar · · Score: 3, Interesting

    I spent about 8 years to convince my boss to never use Windows in equipment control. The only places where Windows XP (not later) is allowed to be are the workstations of different secretaries and specialists which are too old to be retrained. So if some ransomware hits the damage is limited to the computers that are easily reinstalled from scratch.

    There is the place where the ransomware can still hit: It's the SAMBA server that has shares that the ransomware can encrypt, but it presumably has a proper backup.

    To do so we sometimes had to design and produce our own data collection equipment since the existing one is Windows-only.

    Sorry, I have no security clearance to name our preferred OS (not Linux) and a place in the Russian military-industrial complex where I work.

  11. Re:Take 'em out by mwvdlee · · Score: 2

    Incompetent people should get fired.
    Malicious people should get an entire firing squad.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?