NBCLA reports:
A Southern California hospital was a victim of a cyber attack, interfering with day-to-day operations, the hospital’s president and CEO said.
Staff at Hollywood Presbyterian Medical Center began noticing “significant IT issues and declared an internal emergency” on Friday, said hospital President and CEO Allen Stefanek.
A doctor who did not want to be identified said the system was hacked and was being held for ransom.
Read more on NBCLA. There is no statement on the hospital’s web site at the time of this posting, and I don’t see where there are any tweets from entities claiming responsibility for the hack.
It’s supposed to be ransomware and the alleged ransom is 9,000 bitcoins or $3.4 million US. It kind of sounds like those Indian three banks where so may PCs got infected that they were faced with buying a decryption key for each PC. Supposedly this one actually started a week ago but it’s gotten worse and the hospital departments were faxing each other because all other messaging is down.
If it’s ransomware, it undoubtedly was not so much of a “hack” as inadequate IT controls on ingress and egress traffic and they were a random target. But that’s the way hospitals are. The physicians are king, just like professors at universities. But it’s worse at hospitals because almost no hospital system employs their physicians; they’re contractors. And the physicians want to use their own mobile devices everywhere and they don’t want blocking on websites or inbound emails. And since without physicians you don’t have a hospital, it usually has to be allowed.
Any word on what specific ransomware and/or OS was involved?
I haven’t seen any details on that so far.