Connect with us

Hi, what are you looking for?



When Ransomware Hits Healthcare: To Pay or Not to Pay?

A new report from theat intelligence firm Flashpoint highlights dark web discussion over targeting hospitals with ransomware – and demonstrates a surprising contrast in opinion. Not all criminals agree with the concept. The problem is it takes only one to disagree.

A new report from theat intelligence firm Flashpoint highlights dark web discussion over targeting hospitals with ransomware – and demonstrates a surprising contrast in opinion. Not all criminals agree with the concept. The problem is it takes only one to disagree.

Following the successful ransom of the Hollywood Presbyterian Medical Center (HPMC) for $17,000, the subject was discussed extensively on the criminal forums. Flashpoint notes that many Eastern European cyber criminals reacted coldly. “One highly reputable member of a Russian cybercrime forum,” states the report, “expressed his frustration, writing: ‘From the bottom of my heart I sincerely wish that the mothers of all ransomware distributors end up in the hospital, and that the computer responsible for the resuscitation machine gets infected with it [the malware].’”

Another said, “Dirt bags, the move is completely unethical. Do not touch hospitals!”

The Hollywood hospital attack marked a new development in ransomware. Before that time the preferred attack methodology had predominantly been large-scale infections via spam campaigns demanding anything between $250 and $500. This one had to be different. “The price is set prior to malware deployment and can generally not be altered once installed. In other words, extorting a hospital for such an astronomical sum suggests a purposeful and targeted attack against this specific victim.”

This was probably a natural extension of the growing practice of hacking healthcare and stealing patient information. It simply required one criminal to guess that taking control of all the data would be more profitable than simply exfiltrating patient data. While many criminals have denounced the attack, others are using it to promote their own ransomware. 

“Hacker holds Hollywood Hospital to ransom for $3.6 million in Bitcoin in Ransomware Cyber Attack,” wrote one hacker calling himself the BitcoinBlackmailer. “What if you was that hacker? I bet he was just a 16 years old kid in the right place at the right time. Just like you are now…”

The danger is that targeted attacks against specific companies across all industry sectors will now increase. “While certainly ransomware is applied indiscriminately across industries and individuals,” reports Flashpoint, “a shift in criminal business tactics recognizing that access to the data can be more valuable than the data itself exposes corporations more broadly to this type of threat.”

Official advice from law enforcement agencies is that ransoms should not be paid. There is growing evidence that payment doesn’t always result in release of the data. Nevertheless, law enforcement accepts that infected companies have to make their own judgment based on their own circumstances.

Advertisement. Scroll to continue reading.

SecurityWeek knows of at least one CISO in the healthcare industry who refuses to rule out paying a ransom. Though saying he would personally not wish to pay the criminals, he suggests that his hands might be tied by legal requirements. His company provides services to others in the health industry, and all of the services have associated SLAs. Since security is a risk management process, he fears that legal costs for breaking the SLAs could dwarf the cost of the ransom – and risk management principles would require him to pay.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...