A hospital in Hollywood, CA has been a victim of a ransomware attack that has left computers unusable for over a week. According to a ZDNet article:
the Southern California hospital has been left unable to practice its usual day-to-day operations. The hospital’s president and CEO Allen Stefanek said “significant IT issues” were discovered last week, leading to emergency measures including calling for the assistance of the FBI, Los Angeles Police Department (LAPD) and cyberforensics experts.
Ransomware encrypts network computers
An unnamed doctor at the hospital said that the system was hacked and “held for ransom,” which suggests ransomware was put into play. This particular breed of malware, usually spread through phishing campaigns and malicious downloads, installs itself on victim machines in order to encrypt system files.
It appears that access to critical systems have been impacted
Stefanek admitted the emergency section of the hospital has been “sporadically impacted” since Friday, and the doctor said email services, in particular, were taken down. As medical records including patient details, X-rays, CT scans and lab work could not be accessed, this has made the situation very dangerous for patients.
As a result, a number of patients have not been able to receive treatment and some have been transported to other hospitals.
Medical staff have been relying on fax machines and telephones as the week-long outage continues to wreak havoc, which had led to a decrease in efficiency and an inability, in some cases, to safely help patients.
This incident is another reminder that organizations need to ensure that they have a disaster recovery plan in place. Disasters are no longer just natural disasters. Once an organization moves from paper based records to electronic records, not having access to electronic records could be critical. Having a plan in place to react and respond when access to electronic records is disrupted is a HIPAA requirement.