Hollywood Hospital Pays $17,000 Ransom to Recover Files

The Hollywood Presbyterian Medical Center in Los Angeles has decided to pay a ransom demanded by a piece of ransomware that infected the organization’s computers earlier this month.

The hospital discovered the malware on its systems on February 5, when staff experienced difficulty in accessing the network. An investigation revealed that a piece of ransomware had encrypted files on some devices, which led to a disruption of the organization’s IT systems.

Law enforcement was notified and experts were called in to assist Hollywood Presbyterian with tracking down the source of the attack and restoring systems.

Initial reports said the ransomware demanded the payment of 9,000 Bitcoins (roughly $3.4 million), but, as expected, the information turned out to be inaccurate. Allen Stefanek, president and CEO of Hollywood Presbyterian, clarified on Wednesday that the cybercrooks demanded 40 Bitcoins, or roughly $17,000, which the hospital paid.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” Stefanek said.

“HPMC has restored its electronic medical record system (“EMR”) on Monday, February 15th. All clinical operations are utilizing the EMR system. All systems currently in use were cleared of the malware and thoroughly tested. We continue to work with our team of experts to understand more about this event,” he added.

Stefanek told NBC that this appeared to be a “random” attack, which raised questions about the reports that the attackers demanded 9,000 Bitcoins. In most ransomware attacks, cybercriminals demand hundreds of dollars’ worth of Bitcoin, although some variants demand larger amounts, and the ransom usually increases considerably if it is not paid within 48 hours.

Most security experts advise against paying the ransom, but it’s clear that there are people and organizations that feel they have no other choice. An analysis conducted by the Cyber Threat Alliance last year showed that a cybercrime ring managed to make more than $300 million using the CryptoWall ransomware.

“Ransomware has become a lucrative business for underground malware writers. They’re attempting to infect end users through multiple methods of attack, such as phishing, drive-by download scams and server vulnerabilities. The quick ‘monetization’ of ransomware scams is the reason for this new vector being exploited so heavily,” Rahul Kashyap, EVP and Chief Security Architect at Bromium, told SecurityWeek. “It is imperative that users do not pay ransom. Paying ransom is equivalent to funding attackers to launch more attacks in the future.”

The BBC reported last month that the Lincolnshire County Council in the UK was hit by ransomware that demanded the payment of £1 million ($1.4 million) in return for the key needed to decrypt files. It later turned out that the ransom was just $500, which the council refused to pay.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
