Last week, yet another American hospital was tossed into chaos after its computers were infected by hackers.
This time it was Methodist Hospital, an average-sized medical facility located in western Kentucky.
Methodist Hospital was operating “in an internal state of emergency” on Friday, according to its website. A section of its computer network had been rendered useless.
The hospital got hit with ransomware, a particularly nasty type of computer virus that encrypts computer files. Hackers don’t give you a key to unlock documents until they are paid a ransom.
It’s only the latest medical facility to be hit this way, falling in line with a prediction by cybersecurity firm Trend Micro that “2016 will be the year of online extortion.”
“[Hospitals] have critical information and money to pay,” said Ed Cabrera, an executive at Trend Micro. “They’re seen as easy targets.”
In a prepared statement, Methodist said “no patient data or records were compromised.” However, it did not clarify what documents were affected.
An email laced with ransomware managed to make it past the hospital’s email spam filter, according to hospital spokeswoman Brandi Schwartz. She did not say when this occurred.
Someone opened the email, which spread the infection into the network. The hackers demanded to be paid in Bitcoin, a form of electronic money that’s difficult to trace.
The hospital would not say how much money was requested, but cybersecurity reporter Brian Krebs revealed that hackers demanded four bitcoins — only $1,656 at today’s exchange rate.
That fits with the typical business model for ransomware hackers, who target anyone they can. These hackers don’t usually focus on extorting a particularly wealthy person or company. They attack the masses, hoping to rake in a little money from lots of people.
Keeping the ransom low — typically $300 or so — increases the likelihood people will pay to get their files back.
But in this case, Methodist Hospital refused to pay. It simply shut down the infected part of the computer system, relying instead on backup copies of the information stored elsewhere.
It’s unclear whether the hospital has permanently lost files that were not backed up.
The hospital said it’s now coordinating with the FBI and the local Henderson Police Department.
“Methodist Hospital would like to assure its patients that their information is safe and secure and has not been compromised in any way,” the hospital announced.
Several American hospitals have been hit by ransomware in recent weeks, part of an alarming trend that shows no sign of stopping anytime soon.
Most notably, in February the Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to get its computer systems back up and running.
Local press reports describe similar attacks at other hospitals across the country.
Zach Forsyth, an executive at cybersecurity company Comodo, said these ransomware attacks are effective because hospitals rely on antiquated technology that alerts them only after an infection has occurred.
“It hasn’t kept up with the aggressive technology innovation that cybercriminals undertake daily,” he said.