Skip to content Skip to navigation

Time to Face the Ransomware Crisis in U.S. Healthcare: Industry Experts Speak Out

April 18, 2016
by Mark Hagland, Rajiv Leventhal, and Heather Landi
| Reprints
Industry experts agree it’s time for healthcare IT leaders to meet the ransomware crisis head-on

The ransomware phenomenon is menacing more and more U.S. hospitals and patient care organizations. What does it mean? And what can be done? Part one in a two-part series.

The first nationally reported mainstream media news story in this drama was that around Hollywood Presbyterian Medical Center. On Friday, February 12, NBC4News, the local affiliate of the NBC network in Los Angeles, reported in its noon and evening broadcasts, and then online, this story: “Hollywood Hospital ‘Victim of Cyber Attack.’” As the online version of the story, by Jason Kandel and Robert Kovacik, stated, “A Southern California hospital was a victim of a cyber-attack, interfering with day-to-day operations, the hospital’s president and CEO said. Staff at Hollywood Presbyterian Medical Center began noticing ‘significant IT issues and declared an internal emergency’ on Friday, said hospital President and CEO Allen Stefanek. A doctor who did not want to be identified said the system was hacked and was being held for ransom.”

In the days that followed, more news reports appeared, confirming that, among other things, the electronic health record (EHR) and other clinical information systems at Hollywood Presbyterian Medical Center had been shut down for more than a week, and confirming that a ransomware attack had taken place, and stating that the cybercriminals behind it were demanding $3.6 million to restore the system.

Just five days after the first NBC4News reports were aired on local television and online, hospital CEO Stefanek issued a formal statement published on the hospital’s website, reporting that the hospital had paid the hackers 40 Bitcoins, or the equivalent of $17,000, and the cybercriminals had given Hollywood Presbyterian executives the key to restore their clinical information systems. Stefanek also said in that statement that the news reports of a $3.6 million demand for restoration were wildly exaggerated, and that the demand had been for only $17,000 to begin with.

Then, on Monday, March 28, The Washington Post reported that the 10-hospital, Columbia, Md.-based MedStar Health integrated health system’s clinical information system had had to be shut down because of a virus-based hacking attack. Further, on Thursday, March 31, The Baltimore Sun confirmed that the attack reported on that Monday had included a digital ransom note. In the following days, additional news reports, as well as statements by MedStar Health officials, described MedStar staff members’ attempts to restore the full functionality of their clinical information systems, while working at the same time to maintain as high a level of patient care service as possible.

And then on March 31, The San Diego Union-Tribune reported that Alvarado Hospital Medical Center in San Diego had been hit with a malware attack, as had Chino Valley Medical Center and Desert Valley Hospital in Victorville—in other words, three Southern California hospitals hit with malware attacks more or less at the same time. That same week, WSCH Radio reported that Kings Daughters Health in Madison, Indiana, had been hit by a ransomware attack, causing hospital executives to shut down all of its information systems in response.

What’s more, industry experts tell Healthcare Informatics that ransomware attacks are now occurring every single week at hospitals around the United States, with varying levels of effectiveness. In fact, say observers, the volume has reached a fever pitch in the past few months, though only a tiny percentage are leading to complete shutdowns of the clinical information systems, or even all the information systems, of hospital and health system organizations; and it is only those enterprise-wide shutdowns that are attracting mainstream media coverage.

So what is going on? And what are healthcare IT leaders doing to respond to this escalating phenomenon? We at Healthcare Informatics have spoken to a variety of senior healthcare and healthcare IT leaders, in patient care organizations and consulting firms, about the phenomenon. In this article, the first in a two-part series, we look at the landscape around the ransomware phenomenon, and the industry’s broad response to it. In part two, we will share healthcare IT leaders’ specific pieces of advice around what their peers should be doing right now to address this growing problem.

Is It a Crisis? And What Does It Mean If It Is a Crisis?