Hollywood Presbyterian Medical Center Pays Hackers $17K Ransom

brahmanknight

Moderator
http://www.nbcnews.com/tech/securit...edical-center-pays-hackers-17k-ransom-n520536


A Los Angeles hospital paid a ransom of about $17,000 to hackers who infiltrated and disabled its computer network because it was the most efficient way to solve the problem, the medical center's chief executive said Wednesday.

Hollywood Presbyterian Medical Center paid the demanded ransom of 40 bitcoins — currently worth $16,664 dollars — after the network infiltration that began Feb. 5, CEO Allen Stefanek said in a statement.

"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."

Doctors at the hospital were forced to rely on telephones and fax machines to relay patient information, Reuters reported.

Communications between physicians and medical staff were bogged down by paper records and doctors' notoriously messy handwriting.
 
This is what happens when computer companies support terrorism. It's only the beginning.
 
$17K seems like a fair amount, but I bet if these were female hackers it only would've been $8.5K because of the war on women!!!
 
Hackers really are the biggest piles of shit on earth.
Coming from a guy that sells weapons... lol. What about the hackers that are employed by the US military? Man those guys that disabled Iran's centrifuges for a year or whatnot were really big piles of shit.

I'm less worried by this hospital paying off these guys than I am by the real probability that these guys stole the medical records of countless people. Information security is a real problem that is finally starting to get the attention it deserves. This stuff is only going to keep happening.
 
If someone is essentially a weaponized hacker unit of the US Military and is f*cking with rogue regimes' nuclear capabilities, then fine.

That's not even remotely close to jackasses who hack a hospital, disable comms, put patients' lives at risk, and defraud the public by making a hospital pay for a goddamn ransom, just so they can go back to properly treating sick and dying people.

Your comparison was really awful.
 
They were actually asking for 3 million in bitcoin...so they were really nice and gave them a discount...good guy hacker...

To be honest, the hospital must have a real s#!t IT department that they allowed the backups to become corrupted or encrypted as well (if they had backups)...

Now you will see that hospital take some major HIPAA hits...
 
You do know what ransomware is, right? Someone at the hospital effed up; this wasn't an active hack...
 
This was the response from a friend of mine after reading this story (I have no clue if it makes sense, but he runs the IT department at a Midwestern college).

Mitigating damage and recovering from ransomware is not that difficult if you take the proper steps before such an attack. We were hit with one; it encrypted every MS Office file it found on our primary file server. Due to the fact that it was a virtual server and I could recover to a snapshot from 3 hours prior to the event, we were down for a little over 30 minutes and we recovered everything up to 3 hours before.

If you don't have a strong backup plan and don't virtualize, these types of attacks can be devastating.
 
There are legit reasons to not virtualize certain servers. Backup plans are key though.
 
It's really just about backing up. In your friend's case, virtualization was a key function of his backup and recovery strategy but it's really just about having a robust strategy in place. You don't need to virtualize to do it.

Of course there are plenty of ways to prevent this from happening in the first place. Limiting access to bad sites, robust email scanning/filtering, proper access controls, limited permissions for users on their local computers, enforcement/automation of software updates, etc. More important than anything else is probably user training. If Susan in accounting doesn't click on that damn "Free game" link, none of this happens in the first place.
 
Correct, you don't need virtualization, but I find that reloading a snapshot is faster than reimaging a PC/server and then copying the data over...

And with basic cryptolocker software, the program encrypts everything shared from the PC it is running from. So at this point we don't share anything but office-specific folders, so if it does happen we can narrow the search down (also looking on the firewall for programs connecting to IPs we don't normally see).

We also found out that cryptolocker will sit dormant for weeks sometimes...we figured out that a user downloaded it and it was on her PC for 6 weeks before it decided to run (we imagine a timer was involved), and Checkpoint never saw it because it doesn't look like a virus, it looks like a self-extracting MSI that installs to a user's app data...In our case we looked at every site she ran in that timeframe and we figured out she clicked on a site pretending to be Medicare but not...

I still don't get how they got their backups corrupted or they just have a crap IT department...no idea
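
The firewall check mentioned in the post above (flagging connections to IPs a site does not normally see), as an added example that is not part of the original thread. The CSV log layout, the host and destination addresses and the function names are assumptions, and the sample log is constructed; the baseline is everything seen before a cutoff date, so a dormant infection only shows up once it starts talking to a new destination.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample log: timestamp, internal source host, destination IP, port.
SAMPLE_LOG = """\
2016-01-04T09:12:00,10.0.5.21,198.51.100.10,443
2016-01-11T09:15:00,10.0.5.21,198.51.100.10,443
2016-01-12T14:02:00,10.0.5.34,198.51.100.10,443
2016-01-20T08:40:00,10.0.5.34,203.0.113.7,443
2016-02-15T03:17:00,10.0.5.21,192.0.2.99,443
2016-02-15T03:18:00,10.0.5.21,192.0.2.99,443
2016-02-15T09:05:00,10.0.5.34,203.0.113.7,443
"""


def parse(log_text):
    """Yield (timestamp, source host, destination IP) from CSV log text."""
    for ts, src, dst, _port in csv.reader(io.StringIO(log_text)):
        yield datetime.fromisoformat(ts), src, dst


def new_destinations(log_text, cutoff):
    """Return {source: sorted destinations first seen on or after cutoff}.

    Everything before cutoff forms the baseline of "normal" destinations.
    A destination is normal if any internal host contacted it before cutoff.
    """
    baseline = set()
    fresh = defaultdict(set)
    for ts, src, dst in sorted(parse(log_text)):
        if ts < cutoff:
            baseline.add(dst)
        elif dst not in baseline:
            fresh[src].add(dst)
    return {src: sorted(dsts) for src, dsts in fresh.items()}


if __name__ == "__main__":
    report = new_destinations(SAMPLE_LOG, datetime(2016, 2, 15))
    for host, dsts in report.items():
        print(host, "contacted new destinations:", ", ".join(dsts))
```
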
 