General Discussion

steve2470

(37,481 posts) Thu Feb 18, 2016, 01:49 PM Feb 2016

This LA hospital’s computers weren’t backed up? DR fail made “ransomware” pay [View all]

http://www.computerworld.com/article/3034721/healthcare-it/hollywood-hospital-ransomware-40-bitcoin-itbwcw.html

(I posted about this a few days ago, apparently they paid up, original article title)

A Hollywood hospital has had to pay a ransom to get its data back from hackers who encrypted everything on its computers. The medical center's CEO confessed to spending around $17,000 in Bitcoin—this after a week spent failing to restore important health data, email, and other critical stuff.

In other words, Hollywood Presbyterian Medical Center failed at disaster-recovery (DR). Sounds like it either didn’t have any backups, or the restore didn’t actually work.

Oopsy daisy, hashtag-fail, etcetera. In IT Blogwatch, bloggers see a lesson for all of us: Backups aren’t backups unless you can restore them!

.......

Here’s a local take. Courtesy of Richard Winton— Hollywood hospital pays $17,000 in bitcoins to hackers who took control of computers:

more at link

31 replies

= new reply since forum marked as read

Highlight:

This LA hospital’s computers weren’t backed up? DR fail made “ransomware” pay [View all] steve2470 Feb 2016 OP

Still, 17k is a lot less than the original demands. Erich Bloodaxe BSN Feb 2016 #1

Remind me never to get sick... joeybee12 Feb 2016 #2

This is why the cloud is a good thing. Local backups are not good enough. Rex Feb 2016 #3

I am sure the hackers got in through a "BackDoor" awake Feb 2016 #4

All they do is create an email with a payload or link Sam_Fields Feb 2016 #6

What has been happening is a computer picks up a trojan (might I add usually an executive) or high LiberalArkie Feb 2016 #5

I don't think that is what happened here Egnever Feb 2016 #7

Well if you are a 24/365 business and your last good backup (before the trojan hit) is 1 week old, LiberalArkie Feb 2016 #10

Who are the dumbfucks running that hospital's IT department? backscatter712 Feb 2016 #8

It's real simple, hospitals want to maximize profits. dilby Feb 2016 #11

I dont think that is the case here Egnever Feb 2016 #12

Makes sense. Nt Logical Feb 2016 #14

Sounds like the director's desperately trying to cover his ass. backscatter712 Feb 2016 #15

Including all workstations that connect to it,? Egnever Feb 2016 #16

All the data should have been on the servers. backscatter712 Feb 2016 #17

At most of the companies I worked at, all did regular backups... JustABozoOnThisBus Feb 2016 #9

The HIPAA implications for this hospital are enormous. The fines could be colossal. WillowTree Feb 2016 #13

The fines should be colossal. There's no excuse for this. n/t backscatter712 Feb 2016 #18

Blame the victim much? NobodyHere Feb 2016 #19

Their IT department should have been prepared for this. backscatter712 Feb 2016 #21

Sounds like the prevention costs more than the cure in this case. NobodyHere Feb 2016 #22

This is vital data. Confidential patient data, and if it gets fucked up, people die. backscatter712 Feb 2016 #25

I blame the hospital for lousy computer security. hobbit709 Feb 2016 #23

How bout blaming the hackers? NobodyHere Feb 2016 #24

Hackers wouldn't have been able to get in if there was decent security. hobbit709 Feb 2016 #26

Someone on an earlier post said the backups were likely contaminated too if the RKP5637 Feb 2016 #27

It all depends... backscatter712 Feb 2016 #28

There's only so much you can do about the hackers. backscatter712 Feb 2016 #30

I thought it was PEBKAC backscatter712 Feb 2016 #29

Perhaps they never really tested what they bought. dembotoz Feb 2016 #20

Ars Technica article and comments: Hospital pays $17k for ransomware crypto key steve2470 Feb 2016 #31