Hospital Data Being Held for Ransom by Hackers Will Be a 2016 Epidemic, Expert Warns

February 18, 2016 Updated: February 23, 2016

Hackers breached hospital computers at the Hollywood Presbyterian Medical Center on Feb. 5, making them unusable, and demanded payment to unlock the computers.

Not wanting to take the risk, the hospital agreed to pay close to $17,000 worth in bitcoin. According to The Associated Press, hospital CEO Allen Stefanek said it was done “in the best interest of restoring normal operations.”

The FBI is now allegedly investigating the breach, and the case has made national headlines.

According to James Scott, co-founder of the Institute for Critical Infrastructure Technology, however, the breach may just be a small taste of what’s to come.

Scott believes that hospitals will see a “ransomware epidemic” this year, and noted that many of the attacks “will not be reported.”

The Institute for Critical Infrastructure Technology is a nonpartisan organization that works between the private sector, federal agencies, and legislative community on threats to critical infrastructure—the systems necessary to keep the country running, such as the energy grid and the financial system.

They were finding these guys were putting malware all over the devices within the hospitals.
— James Scott, Institute for Critical Infrastructure Technology

Scott’s prediction on hackers targeting hospitals is well-grounded. Cybersecurity company TrapX conducted a study to track how hackers were breaching hospital networks, and detailed its finding in a June 2015 report.

Researchers with TrapX ran a test with more than 40 hospitals, and they set up fake networks in place of their physical machines to see if hackers would try to breach them—and breach they did.

“They were finding these guys were putting malware all over the devices within the hospitals,” Scott said, noting the findings from TrapX.

After the hackers placed malware on every virtual device they could, the real concerning part came to light. Scott said the hackers “didn’t turn the ‘on’ switch” for their malware.

Instead, the malware was left dormant. He said, “It’s just sitting there.”

Scott said his organization alerted the U.S. House of Representatives in the fall of 2015. “We told the House be ready for the ransomware epidemic.”

Follow Joshua on Twitter: @JoshJPhilipp