LA hospital pays £12,000 Bitcoin ransomware demand

A Los Angeles hospital has paid cybercriminals a Bitcoin ransom demand of 12,000 to restore access to its medical database.

The Hollywood Presbyterian Medical Center shut down its computer network on 5 February, following a ransonware cyber attack that has lasted more than a week.

Ransomware commonly refers to malware attacks that encrypt data and demand payment before the user can obtain the decryption key.

Hospital staff were locked out of online patient records and test results, forcing them to resort to pens, pads, phones and fax machines for many tasks usually handled on computers.

As soon as the hospital identified the attack, it called in investigators from the Los Angeles police department, FBI and a private cyber forensics firm.

After more than a week of working with the experts however, managers decided to pay the ransom.

"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom," said hospital president and CEO Allen Stefanek in a statement. "In the best interest of restoring normal operations, we did this."

Early reports initially claimed the criminals had demanded 9,000 bitcoins (2.6 million), but the hackers only received 40 bitcoins.

Stefanek added that there was no evidence at this time that hackers accessed any patient or employee information.

The identity of the ransomware attackers is still unknown, but some reports have suggested that the attack was random rather than specifically targeted at the hospital.

Cyber attacks such as ransomware are becoming an increasing threat to businesses and public organisations.

The malware attack against the hospital follows Kaspersky Lab's own investigations into hospitals' vulnerabilities, saying it was "scary" how easy it is to hack hospitals.

Lincolnshire County Council was also the victim of a similar malware attack last month, but the council refused to pay the demand.