Skip to content
Naked Security Naked Security

Hollywood hospital coughs up 40 bitcoins to ransomware crooks

Hollywood Presbyterian Medical Center's computers were infected by ransomware. They paid up. Truthfully, it's hard to blame them.

They paid up. Truthfully, it’s hard to blame them.

On Tuesday, we reported on the tale of Hollywood Presbyterian Medical Center, whose computers were infected by ransomware.

This was no joke: ambulances were diverted, electronic medical records disappeared, email was unavailable, and there was no access to X-ray or CT scan information.

Radiation and oncology departments apparently pretty much shut down; their employees apparently banned from even turning on their computers.

For a hospital, we’re talking quintessential hell: a full week of it, as the ransomware spread, and neither hospital IT or law enforcement could make the nightmare stop.

So what did put an end to it?

Paying the ransom. (Which, as we’ve said before, doesn’t always work… but, “thankfully,” this hospital seems to have been victimized by, er, “honest” extortionists.)

Another silver lining on this mushroom cloud: according to hospital President/CEO Allen Stefanek, the ransom was a whole lot smaller than previously reported.

The reports of the hospital paying 9000 Bitcoins or $3.4 million are false. The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.

According to the Los Angeles Times, the FBI is now in charge of the investigation, the computers are gradually being restored to full operation, and hospital employees are putting their pens and pencils away.

If you revisit our original coverage, don’t forget to check out Paul Ducklin’s multiple comments about the special challenges of clearing ransomware once it infects a sizable organization.

While you’re at it, read our recent article on recognizing and preventing the new Locky ransomware, which returns to the vintage approach of infecting you through Microsoft Office macros.

The article contains some useful tips on how you can best protect yourself from ransomware.

Bottom line: please take precautions, and please keep backups: up-to-date, separate, off-site. You never want to face what Hollywood Presbyterian’s been going through.

Image of Ransomware courtesy of

1 Comment

I know its an odd comment, but maybe we shouldn’t be so quick to put the pens and pencils away: I KNOW its a pain, but barring someone setting fire to the medical records room, or a sprinkler malfunction, at least paper can’t be hacked…


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!