Lessons learned from the Hollywood Presbyterian Hospital Cyber-Ransom attack: Top Security Experts Weigh In A major metropolitan hospital was recently hit with a devastating cyberattack that crippled its operations and put patients lives at risk. The response by hospital administrators took almost a week, but was also wrong on many levels. Salinas, CA, February 20, 2016 - The purpose of the attack on Hollywood Presbyterian Medical
Center was not to steal medical records or personal health information, but rather to seize control of and lock down the hospital's entire computer system and all of its networks. Known as “ransomware,” the attackers are demanding $3.6 million (or 9,000 in virtually untraceable BitCoins), to release control of its systems back to the hospital. The hospital's CEO, Allen Stefanek, has responded by saying that the attack appeared to be random and that no patient or employee information is at risk. According to one of country's leading cyberattack experts, Steve King, chief security officer for Netswitch Technology Management, Stefanek's response was inadequate at best and possibly dangerous. King said there are four things never to do in case of a breach of this magnitude. * “Never wait to acknowledge a breach,” says King “The longer you delay, the more it looks like you have something to hide and the less your customers will trust you. A week is crazy-long.” * “Never insult the public's intelligence by saying that ‘no patient or employee information is at risk’ when it is obvious that if the attackers were clever enough to lock down the hospital's systems, they are certainly capable of stealing the medical records as well.” * “Never suggest that you were attacked ‘randomly’ as if by some quirk of fate this horrible thing came your way simply out of the blue. It is likely that these hackers targeted the Hollywood Presbyterian Medical Center specifically because they knew their cyber-security defenses were weak or non-existent.”