Hackers to Hollywood Hospital: Pay 40 Bitcoin—Or Else!


“We have stolen your files. You have 48 hours to pay us 40 bitcoin or you’ll lose them forever.”

Scammers have come a long way from the days of the Nigerian Prince e-mail scam. Today, it’s more about ransomware. 

On Feb. 17, the Hollywood Presbyterian Medical Center (HPMC) released a letter informing the public that it had been subject to a cybersecurity attack. Unlike the usual data breaches that dominate the news—Target, the U.S. Office of Personnel Management, Wendy’s—this attack was of the ransomware variety.

In a ransomware attack, hackers use malware to encrypt data so that affected users can’t access their information. The hackers then ransom the decryption key back to the victims in exchange for money—usually bitcoins.

In the HPMC attack, the hackers demanded 40 bitcoins (approximately $17,000) for the return of the files. Ultimately, after consulting with law enforcement, the hospital decided to pay the ransom in order to restore its electronic medical record system. Throughout the attack, the hospital said, “patient medical care was not affected.”

Should HPMC have paid the ransom? Could they have prevented the attack?

There are a variety of methods available to help stop attacks. The software security company Symantec Corp. tells consumers to never pay ransom. After receiving the ransom, hackers have no incentive to return encrypted files—and often won’t.

Symantec also said that users can protect their files by having good security software and a backup system in place. If files are backed up and out of reach of hackers, there’s no need to ever pay ransom to get encrypted files back.

Ransomware is here to stay. Unless you have your own virtual Liam Neeson to get you out of a jam, it’s probably a good idea to follow Symantec’s advice. Back up and protect yourself.
