Slashdot Mirror


L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com)

Los Angeles' Presbyterian Medical Center, the target of a successful ransomware attack (successful from the thieves' point of view, that is) has buckled under: to regain control of its network, the hospital has paid a 40-bitcoin ransom (about $17,000) to the gang responsible. That, at least, is a far cry from the much higher ransom widely reported to have been initially demanded: 9,000 bitcoin. (That would have meant a payment of $3.6-3.9 million.)

6 of 159 comments

  1. How much is that in commodity medical supplies? by xxxJonBoyxxx · Score: 5, Informative

    >> the hospital has paid a 40-bitcoin ransom (about $17,000)

    That's about 340 tablets of hospital aspirin or 680 hospital bandaids for those counting at home.

  2. Re:At that price... by Harlequin80 · Score: 3, Informative

    By an absolute mile. At $17,000 you would just pay it straight away. They would have lost far more as a result of the systems being offline, and assuming the ransomware had got itself all through their systems it would have been orders of magnitude more to clean the system if it was even possible.

  3. Backups? by Anonymous Coward · Score: 5, Informative

    Good god, doesn't anyone keep backups anymore?

    1. Re:Backups? by Chris Mattern · Score: 3, Informative

      A common strategy here is to encrypt the files, insert a transparent decryption layer, and then wait a few months before yanking the decryption. Backups are no good because they're encrypted too.

  4. Re:Now What? by Shadow99_1 · Score: 5, Informative

    lol, I've seen some major hospitals that have 2 entire IT people on staff (an admin and an assistant)... I applied for a network admin position at a hospital with 2 IT employees (though I didn't know that until the interview) for 400 employees and well over 300 connected systems (from tablets doctors used, to connected hardware, routers, and servers of various types, as well as dedicated workstations for nurses). They also used highly specialized systems that were extremely complex. Oh and did I mention satellite offices for doctors that are part of their network, but not onsite? Yeah... Huge mess there.

    Because obviously all this tech in a modern hospital can just work on its own. No one ever wants to keep enough IT staff on hand to deal with regular maintenance because that would take away from executive bonuses. Hospitals are not any different, even as they are required to push further into the digital realm. This is the direct result. Oh and they don't even usually pay that well. Heck I think half the interviews I've had with companies lately are just to 'prove' a native worker wasn't 'qualified' to do the job even though my resume is solid. Good luck to the sucker from India getting those jobs.

    --
    we are all invisible unless we choose otherwise
  5. Re:At that price... by MtHuurne · Score: 5, Informative

    It's a short-sighted solution though. Their systems are still vulnerable, probably even still infected. And they validated the business model of the attackers, so more attacks will be coming.

    Also, while the CEO insists that hospital records were not compromised, I'm reading that as "the attackers weren't interested in hospital records", not "the hospital records were safe".