Hackers are increasingly targeting hospitals, using viruses to lock their computer systems and hold sensitive medical data and other files hostage, according to a doctor in Great Britain.
The computer viruses that lock the files are called ransomware. These attacks prevent hospitals from accessing the data stored on their computers until they pay a ransom, explained Dr. Krishna Chinthapalli. He’s a neurologist at the National Hospital for Neurology and Neurosurgery in London.
Chinthapalli’s warning was published May 11 in the BMJ. He said hospitals must be prepared for these events.
Hollywood Presbyterian Medical Center in Los Angeles was the target of a ransomware attack in February 2016, according to Chinthapalli.
The hospital initially denied rumors that its computer system was held for more than $3 million in ransom. But 10 days later the medical center paid $17,000 to regain access to its data, Chinthapalli said in a journal news release.
This was the first case in which a hospital admitted that it paid a ransom for its computer files, Chinthapalli said. Since then, other U.S. medical facilities have faced similar attacks, including hospitals in California, Indiana, Kentucky, Maryland and Texas.
The Federal Bureau of Investigation (FBI) reported a fourfold increase in ransomware attacks from 2015 to 2016. Those attacks resulted in a total of $1 billion being paid to hackers, the FBI said.
Hospitals are ideal targets for ransomware attacks, Chinthapalli said. Hospitals often use proprietary software based on ancient operating systems. And because hospital computers hold confidential patient information that can be sold illegally, these institutions are often willing to pay for the quick recovery of their data, he said.
“We should be prepared: more hospitals will almost certainly be shut down by ransomware this year,” Chinthapalli said.
There are ways hospitals can safeguard sensitive data from ransomware attacks, Chinthapalli said. Prioritizing the security of computer hardware and software, and performing frequent backups is essential, he said.
Hospital IT departments should also be notified of ransomware attacks as soon as possible so infected computers can be quickly identified and isolated, he said.
The U.S. Federal Trade Commission has more about ransomware.