Bitcoin Ransomware Strikes Another Hospital

Another case of bitcoin ransomware has left one Kentucky hospital in an “internal state of emergency,” according to a report from Krebs On Security.

If this sounds a little like déjà vu, it’s because it is becoming a trend that’s all too common across both the private and public sectors. Just yesterday (March 21) PYMNTS reported about a town that was being held hostage via a bitcoin ransomware attack.

And last month? Another similar attack hit a hospital in Los Angeles in an incident that led to the hospital paying out $17,000 worth of bitcoin to hackers who took down a computer system. What happened, as is the case in most of these hacks, is that a group of hackers encrypted a computer network’s data, holding it hostage from doing anything. Once hacked, the hospital was sent a digital decryption key, which could then be used to unlock the data — but for a hefty price.

And in that case, the hospital acted before law enforcement even stepped in as its officials urged that time was of the essence for obvious reasons (vital medical records).

Which brings us back to this week and a statement from Methodist Hospital: “Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic Web-based services. We are currently working to resolve this issue, until then we will have limited access to Web-based services and electronic communications.”

The malware cited in this case is known as the “locky” strain of malware, which encrypts essential files and documents, and deletes the originals if demands are not met. A backup can only be restored once the hacker restores access to the files. For this case, the hospital’s entire network was hacked, which led to all of its desktop computers being shut down.

“We have a pretty robust emergency response system that we developed quite a few years ago, and it struck us that as everyone’s talking about the computer problem at the hospital maybe we ought to just treat this like a tornado hit, because we essentially shut our system down and reopened on a computer-by-computer basis,” David Park, an attorney for the Kentucky health care center, told Krebs.

He noted that the hospital is working with the FBI to deal with how to handle the ransomware.

“We haven’t yet made decision on that, we’re working through the process,” he was cited as telling Krebs. “I think it’s our position that we’re not going to pay it unless we absolutely have to.”

But unlike the previous Los Angeles hospital case, these hackers only asked for a small sum of four bitcoins for the encrypted files, which amounts to just $1,600.