Hollywood Presbytrian held for ransom?

[Bidin~Time]

For the past week Hackers have held the computer system of Hollywood Presbyterian hostage. For the price of 9000 bitcoins(3.6 million$$), they can have the keycodes to unlock their system.

According to the powers that be of the hospital no patient lives have been adversely affected, but do you buy that? I can't even begin to describe how this would affect the systems I use because, well, it's everything...everything; every single diagnostic dept., transcription, imaging storage, pharmacy, EMR of every description is computerized. The staff must be stressed beyond belief

Also, bitcoins?



http://www.sfchronicle.com/business...k-reveals-digital-risk-in-medical-6834978.php



http://www.techtimes.com/articles/1...emand-3-6-million-as-patients-transferred.htm

 

[Aella_]

I have additional questions:

3.6 millions are not a lot of money in this day and age.
But for a charity-based hospital, that amount can save many lives. Or is it a hospital where a few rich patients tend to attend, so that their private info was their primary target?

And why Presbyterian Hospital and not another one? Because of the above, or were their security systems more slack than those of other hospitals?

 

[lovetoread]

There is nothing to do but either pay the bitcoin or wipe the machines.

My company does not pay so I do a lot of wiping of data. What gets me is that the end user is usually pissed at me for wiping it, but not themselves for installing the crypto in the first place.

 

[Five_Inch_Heels]

BC needs to be eliminated. Blocked at every level as a form of criminal funding. Top level internet communications could cripple the use of it.

--OR--

It needs to be completely traceable to the extent of any other financial transaction.

ThugPunks that do this kind of thing need lead to the head.

Hackers need their fingers hacked off.

 

[Bidin~Time]

I have additional questions:

3.6 millions are not a lot of money in this day and age.
But for a charity-based hospital, that amount can save many lives. Or is it a hospital where a few rich patients tend to attend, so that their private info was their primary target?

And why Presbyterian Hospital and not another one? Because of the above, or were their security systems more slack than those of other hospitals?

I don't know. although the hospital claims the private info of patients isn't compromised, I don't know how can they be sure.

 

[SpermofCicero]

Ransomware isn't built to actually access information, to read it or to steal it; it's only purpose is to block user access to information on the infected computer, holding it ransom until the ransom is paid - and if that ransom isn't paid, all the information held will be destroyed.

Ransomware can most certainly be eradicated from a computer, but that totally depends on the sophistication of the particular ransomware program itself. For instance, I've personally eradicated every instance of the infamous FBI ransomware I've ever been presented with. However, no doubt this hospital is dealing with a much higher degree of sophisticated ransomware.

If they can't get it scrubbed from their computers, the only way to regain access to all that information is to pay the kidnappers, or hope it's an empty threat and the ransomware expires on its own.

Otherwise, all that information will be destroyed when the ransom deadline expires.

Of course, if everyone would simply store their data completely separate from their operating system, this would not be an issue at all, as the OS could easily be reinstalled, which naturally eradicates the ransomware, while the actual data is never at any risk.

Any entity that doesn't do that as SOP is simply inviting continuous attack.

 

[phrodeau]

Ransomware isn't built to actually access information, to read it or to steal it; it's only purpose is to block user access to information on the infected computer, holding it ransom until the ransom is paid - and if that ransom isn't paid, all the information held will be destroyed.

Ransomware can most certainly be eradicated from a computer, but that totally depends on the sophistication of the particular ransomware program itself. For instance, I've personally eradicated every instance of the infamous FBI ransomware I've ever been presented with. However, no doubt this hospital is dealing with a much higher degree of sophisticated ransomware.

If they can't get it scrubbed from their computers, the only way to regain access to all that information is to pay the kidnappers, or hope it's an empty threat and the ransomware expires on its own.

Otherwise, all that information will be destroyed when the ransom deadline expires.

Of course, if everyone would simply store their data completely separate from their operating system, this would not be an issue at all, as the OS could easily be reinstalled, which naturally eradicates the ransomware, while the actual data is never at any risk.

Any entity that doesn't do that as SOP is simply inviting continuous attack.

They say that patient info isn't compromised, so they probably do store data off the mainframe. With cloud storage, there's no reason not to.

 

[RobDownSouth]

Ransomware isn't built to actually access information, to read it or to steal it; it's only purpose is to block user access to information on the infected computer, holding it ransom until the ransom is paid - and if that ransom isn't paid, all the information held will be destroyed.

Ransomware can most certainly be eradicated from a computer, but that totally depends on the sophistication of the particular ransomware program itself. For instance, I've personally eradicated every instance of the infamous FBI ransomware I've ever been presented with. However, no doubt this hospital is dealing with a much higher degree of sophisticated ransomware.

If they can't get it scrubbed from their computers, the only way to regain access to all that information is to pay the kidnappers, or hope it's an empty threat and the ransomware expires on its own.

Otherwise, all that information will be destroyed when the ransom deadline expires.

Of course, if everyone would simply store their data completely separate from their operating system, this would not be an issue at all, as the OS could easily be reinstalled, which naturally eradicates the ransomware, while the actual data is never at any risk.

Any entity that doesn't do that as SOP is simply inviting continuous attack.

You are full of shit.
The ransom demand never "expires", it stays out there until it is wiped out or the ransom paid.

And most of the latest versions of the FBI ransomware cannot be removed.

I've had first hand experience with this shit at a remote site.

 

[Five_Inch_Heels]

And in other news ..... a dude wanted for hacking another hospital was picked up at sea after his sailboat developed trouble. One of the big Mouse cruise ships plucked him and his squeeze off the water.

 

[Bidin~Time]

Ok, so let's talk about this angle. The results of every x-ray, CT scan, MRI, PET, mammogram, ultrasound, and their corresponding reports, ekg, lab draw, every order placed during any or all hospital stay, including IV therapy pharmacy orders. Gone.

Any future need for studies due to chronic issues, complicated because the studies they would be compared against no longer exist. The doctor's will have no way of knowing if conditions have stabilized over time or deteriorated.

If the lack of that information causes a death, or compromises a court case for negligence alleged in a car accident, or a patient is trying to prove a worker's comp case or approval for some sort of disability, what then? The subsequent court cases suing the hospital for not protecting their systems could come to much more than 3.6 million.

 

[4est_4est_Gump]

For the past week Hackers have held the computer system of Hollywood Presbyterian hostage. For the price of 9000 bitcoins(3.6 million$$), they can have the keycodes to unlock their system.

According to the powers that be of the hospital no patient lives have been adversely affected, but do you buy that? I can't even begin to describe how this would affect the systems I use because, well, it's everything...everything; every single diagnostic dept., transcription, imaging storage, pharmacy, EMR of every description is computerized. The staff must be stressed beyond belief

Also, bitcoins?



http://www.sfchronicle.com/business...k-reveals-digital-risk-in-medical-6834978.php

http://www.techtimes.com/articles/1...emand-3-6-million-as-patients-transferred.htm

This is an interesting case.

Consider how we were told that putting all hospital records into a digital format would make our lives so much better, and our health care so much cheaper...



And now, we see that those records need so much more security.

That's a "hidden tax"

 

[4est_4est_Gump]

They say that patient info isn't compromised, so they probably do store data off the mainframe. With cloud storage, there's no reason not to.

Perhaps, but if they can lock up the system, the next time, ????

 

[4est_4est_Gump]

I used to write banking software and one thing that I had to do was to put in a god code to safeguard against the client losing their master password.

You would think that no one would be able to lock themselves out, but I had to at several times go in and use the god code. It was written into the code. A very clever hacker could have gotten into that code. Back then, we did not have the encryption...

 

[Hard_Rom]

Blocking access is a lot easier than stealing data. It takes a much greater advanced virus to mess with an MRI then to infect databases.

Bitcoins are the preferred 'money' on the dark web.

They are 'kidnappers and ransomers' not killers. You kill people in a hospital, public opinion will force FBI to come after to you like gangbusters. Just take a few mill from a megacorp and they will get around to solving it sooner or later.

 

[SpermofCicero]

Ok, so let's talk about this angle. The results of every x-ray, CT scan, MRI, PET, mammogram, ultrasound, and their corresponding reports, ekg, lab draw, every order placed during any or all hospital stay, including IV therapy pharmacy orders. Gone.

Any future need for studies due to chronic issues, complicated because the studies they would be compared against no longer exist. The doctor's will have no way of knowing if conditions have stabilized over time or deteriorated.

If the lack of that information causes a death, or compromises a court case for negligence alleged in a car accident, or a patient is trying to prove a worker's comp case or approval for some sort of disability, what then? The subsequent court cases suing the hospital for not protecting their systems could come to much more than 3.6 million.

Wouldn't the same hypothetical(s) exist for a hospital which burned downed and all its same records were destroyed, and the hospital was shown to be somehow negligent somehow in not protecting them in that case, too?

 

[SpermofCicero]

BTW:

It is very wise to take everything a corporate victim says about the status of any information they store during a situation like this with a grain of salt...

In that liability regard, they are in full cover their own ass mode, and understandably so.

 

[nerfhearder]

For the past week Hackers have held the computer system of Hollywood Presbyterian hostage. For the price of 9000 bitcoins(3.6 million$$), they can have the keycodes to unlock their system.

According to the powers that be of the hospital no patient lives have been adversely affected, but do you buy that? I can't even begin to describe how this would affect the systems I use because, well, it's everything...everything; every single diagnostic dept., transcription, imaging storage, pharmacy, EMR of every description is computerized. The staff must be stressed beyond belief

Also, bitcoins?



http://www.sfchronicle.com/business...k-reveals-digital-risk-in-medical-6834978.php



http://www.techtimes.com/articles/1...emand-3-6-million-as-patients-transferred.htm

Most digital crooks use bitcoin. It's not untracable but close enough that they can get away with it plus it can be written into the code that once a transaction is made the malware/ransomware/whatever is lifted.

 

[richard_daily]

BC needs to be eliminated. Blocked at every level as a form of criminal funding. Top level internet communications could cripple the use of it.

--OR--

It needs to be completely traceable to the extent of any other financial transaction.

ThugPunks that do this kind of thing need lead to the head.

Hackers need their fingers hacked off.

Spoken like a true statist.

 

[lovetoread]

Ok, so let's talk about this angle. The results of every x-ray, CT scan, MRI, PET, mammogram, ultrasound, and their corresponding reports, ekg, lab draw, every order placed during any or all hospital stay, including IV therapy pharmacy orders. Gone.

Any future need for studies due to chronic issues, complicated because the studies they would be compared against no longer exist. The doctor's will have no way of knowing if conditions have stabilized over time or deteriorated.

If the lack of that information causes a death, or compromises a court case for negligence alleged in a car accident, or a patient is trying to prove a worker's comp case or approval for some sort of disability, what then? The subsequent court cases suing the hospital for not protecting their systems could come to much more than 3.6 million.

They will end up paying the bitcoin just like the various police depts and schools here have done. The crypto people really do send the code once the payment goes through.

 

[RobDownSouth]

I used to write banking software and one thing that I had to do was to put in a god code to safeguard against the client losing their master password.

You would think that no one would be able to lock themselves out, but I had to at several times go in and use the god code. It was written into the code. A very clever hacker could have gotten into that code. Back then, we did not have the encryption...

You'd never work again in the banking industry after your first bank security audit.

"God code".

Skyfather wept.

 

[gypsyTX]

Ok, so let's talk about this angle. The results of every x-ray, CT scan, MRI, PET, mammogram, ultrasound, and their corresponding reports, ekg, lab draw, every order placed during any or all hospital stay, including IV therapy pharmacy orders. Gone.

Any future need for studies due to chronic issues, complicated because the studies they would be compared against no longer exist. The doctor's will have no way of knowing if conditions have stabilized over time or deteriorated.

If the lack of that information causes a death, or compromises a court case for negligence alleged in a car accident, or a patient is trying to prove a worker's comp case or approval for some sort of disability, what then? The subsequent court cases suing the hospital for not protecting their systems could come to much more than 3.6 million.

So they didn't back up their data? That's pretty negligent.

 

[Hard_Rom]

They will end up paying the bitcoin just like the various police depts and schools here have done. The crypto people really do send the code once the payment goes through.

You have to release system. Like kidnappers. They pay, you don't release. There goes repeat business.

 

[JohnnySavage]

I never really understood the differences between the Presbyterians, Methodists, Baptists, Lutherans, etc...

 

[nerfhearder]

I used to write banking software and one thing that I had to do was to put in a god code to safeguard against the client losing their master password.

You would think that no one would be able to lock themselves out, but I had to at several times go in and use the god code. It was written into the code. A very clever hacker could have gotten into that code. Back then, we did not have the encryption...

None of that is true.

 

[nerfhearder]

You have to release system. Like kidnappers. They pay, you don't release. There goes repeat business.

The smart ones don't want the repeat business and always allow access once payment is made.
The others are in prison because when you shoplift from the same store over and over you WILL get caught.