NPR logo

Los Angeles Hospital Pays Hackers To Regain Control Of Medical Records

  • Download
  • <iframe src="https://www.npr.org/player/embed/467253422/467253423" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Los Angeles Hospital Pays Hackers To Regain Control Of Medical Records

U.S.

Los Angeles Hospital Pays Hackers To Regain Control Of Medical Records

Los Angeles Hospital Pays Hackers To Regain Control Of Medical Records

  • Download
  • <iframe src="https://www.npr.org/player/embed/467253422/467253423" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

A Los Angeles hospital paid the equivalent of $17,000 in Bitcoins to hackers who took over medical records and shut down the hospital's computer servers for days. The incident is raising questions about patient safety and privacy in the digital age.

ARI SHAPIRO, HOST:

A Los Angeles hospital says it paid a ransom of 40 bitcoins or about $17,000 to hackers who shut down its computer system for days. Hollywood Presbyterian Medical Center says its servers are back online now, and patients' safety was never compromised. NPR's Kirk Siegler reports cyber security experts aren't so sure.

KIRK SIEGLER, BYLINE: Hollywood Presbyterian and law enforcement still haven't said how the malware infected the hospital's computers, but cyber security experts say it's likely that someone unknowingly clicked on a link or opened an email they shouldn't have. And just like that, the hospital servers were locked by thieves demanding ransom to turn them over.

CLIFFORD NEUMAN: Because our systems are so vulnerable, this is sort of a high payoff way for criminals to monetize their hack.

SIEGLER: Clifford Neuman heads the Center for Computer System Security at USC. He says the hospital did the right thing by shutting everything down and reverting to writing medical records by hand straight away. But the fact is the hackers only needed a few seconds to access all that data in sensitive files.

NEUMAN: They don't necessarily know that it didn't send copies out of their system to somewhere else. So there's always a potential that the privacy of medical records were compromised as well.

SIEGLER: Our medical records contain our Social Security numbers, our medical history that advertisers and marketers are hungry for among other sensitive things. And Neuman says this case shows how hospitals, companies, firms big and small need tougher antivirus software and they need to back up their systems. But they should also rethink whether so many employees need access to huge servers at all times. Elizabeth Lucas, CEO of a hacker education company called Decoded, says there's one thing that can never be fully controlled, us.

ELIZABETH LUCAS: There's nothing that your, you know, IT department can do in terms of preventing, you know, the natural curiosity that we have as human beings to click on something when you get an email

SIEGLER: Lucas says we're surprised and alarmed by the Hollywood Presbyterian case, but this sort of ransomeware attack is actually becoming more and more common. She says most firms pay the ransom quickly and quietly because they don't want their reputations tarnished. Kirk Siegler, NPR News, Culver City, Calif.

Copyright © 2016 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

We no longer support commenting on NPR.org stories, but you can find us every day on Facebook, Twitter, email, and many other platforms. Learn more or contact us.