On February 17, Hollywood Presbyterian Medical Center announced that it had paid cyber extortionists a ransom of 40 bitcoins in order to restore control over its systems and administrative functions. While the number might not seem high at first glance, it equates to roughly $17,000. The hospital first noticed malware on its system on February 5, but waited ten days before deciding that payment was the fastest way to regain control of their systems. The hackers had introduced malware into the hospital’s system that encrypted the hospital’s files, making them inaccessible. The FBI is still investigating how the hackers were able to install the malware.
Bitcoin is a completely digital currency that attracts cyber extortionists because bitcoin transactions do not go through any intermediary such as a bank. There is a lower chance that an illegal payment can be tracked. The extortionist usually sets the amount just low enough for the infected entity to consider payment.
While cyber extortion is popular among some criminals in eastern Europe, the Hollywood Presbyterian Medical Center episode is one of the higher profile examples in the U.S. The publicity about the paid ransom may encourage others looking for a fast payout. Cyber experts believe that about 3% of users with infected systems pay ransom.
It is difficult to say whether the rate of cyber extortion incidents will increase in the US. Not all cyber criminals are willing to shut down operations at a facility where access to files can mean the difference between life and death. But the healthcare industry presents an easy target for attacks because its technology is often outdated and electronic medical records are available on laptops and I-Pads used throughout the hospital and often within easy reach.