Cygilant Blog

What the California Hospital Hack Means for the Healthcare Industry

Posted by Shawn O'Brien on Mar 11, 2016



The healthcare industry is more at risk of cyber attacks than ever. In February 2016, hackers sabotaged a California hospital and demanded a substantial ransom to stop holding the medical center's systems hostage. The attack reveals how dangerous cyber criminals can be—going so far as to put lives at risk for monetary gain—and it serves as a reminder that the healthcare industry needs to improve its current approach to cybersecurity.


Medical Center Under Siege

The extent of the damage suffered by Hollywood Presbyterian Medical Center was particularly severe. It had to declare an “internal emergency” as a result of the hack: computers were shut down for days, staff members were unable to pull up medical records, and emergency patients had to be diverted to other facilities. The electronic assault involved the hackers placing malware on the hospital's computer systems to encrypt data and prevent personnel from using infected devices. The hospital eventually chose to pay the ransom of 40 bitcoin—approximately $17,000 in U.S. dollars—in order to restore their systems to normal.


The hospital’s chief executive, Allen Stefanek, explained that “the malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.” As this case illustrates, ransomware is a growing threat we can only expect to see more of if organizations don’t take advantage of cybersecurity solutions.

The Healthcare Industry is a Prime Target

One lesson to be learned from the attack is that the healthcare industry is a top target for cyber criminals. The hackers possibly picked a hospital to because they knew they'd be more likely to receive a ransom since the hack would put lives at stake. And the facility was also in a wealthy neighborhood, which must have suggested to the criminals that the organization would be able to afford the ransom.


There are plenty of reasons why the healthcare industry is a lucrative target for hackers. Medical records are more valuable than ordinary credit card information; hackers can sell stolen health credentials for approximately 10 or 20 times the worth of a U.S. credit card number. One reason is that medical records allow criminals to obtain prescriptions for recreational purposes. And unlike credit card data, the information contained in medical records is not easily cancelled or changed. It's no wonder, then, that one in three Americans had their healthcare records breached in 2015.

Cybersecurity for Healthcare

The good news is that those in the healthcare industry can defend themselves from cyber attacks. Managed security services, such as SOCVue, can provide around-the-clock network security monitoring to detect unusual traffic patterns. Medical firms should supplement their in-house security team with trained professionals, who can safeguard IT assets from attacks. In doing so, the healthcare industry can prevent another life-endangering hack.


More and more, organizations who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!


Request Free Demo Now!


Photo: VILevi/Shutterstock

Tags: Healthcare, Data Breach, Cybersecurity, HIPAA, Hacking

Most Recent Posts

Subscribe to Email Updates