Hackers targeting the computer network of major US hospital chain MedStar have demanded a ransom worth thousands of dollars to unlock crucial medical systems - and have even offered a bulk deal as an incentive to tempt bewildered bosses into paying up quickly.
MedStar, which operates 10 hospitals and over 200 outpatient centres in the Baltimore-Washington area, first discovered the infection on 28 March and quickly took steps to take its networks offline in an attempt to curb its spread. Initially, officials refused to describe the attack as 'ransomware' however a number of employees have since confirmed seeing pop-up messages on computers that demanded a hefty bitcoin payment.
In a ransom note, the hackers have demanded three bitcoins, which is roughly £860 ($1,250), for the decryption keys to a single computer or 45 bitcoin, which is the equivalent of about £12,900 to re-gain access to everything. According to The Washington Post, which reportedly viewed the note, the hijackers threatened: "You just have 10 days to send us the Bitcoin. After 10 days we will remove your private key and it's impossible to recover your files."
Bitcoin is a crypto-currency used to buy goods online, however is frequently used by hackers in extortion attempts because it remains largely untraceable. Following the incident, security experts have claimed the ransom note is almost identical to a new form of ransomware known as SamSam which is quickly gaining notoriety for its ruthless ability to exploit vulnerabilities in unpatched servers to lock down an entire network.
The impact on doctors and patients
MedStar, which employs over 30,000 people and treats more than 3,000 on average in a single day, has acknowledged that its systems were attacked however maintains that patient care has not been majorly impacted. Dr Stephen Evans, the system's chief medical officer, said in a statement: "The disruption to our systems has not impacted our ability to provide quality care to our patients, and we regret any inconveniences to our patients and the extra challenges to our associates that the perpetrators of this attack have caused."
However, there are many accounts stating the contrary. According to The Baltimore Sun, a slew of patients and doctors have openly complained about how the virus has affected their ability to work. The FBI is now investigating the attack however has declined to directly comment on the investigation.
On 30 March, Ann Nickels, a spokeswoman for MedStar said three of the main clinical networks had been restored to a 'read-only' basis however would not provide any update on a timescale for a full system restore – or if the hospital group is planning to pay the ransom. "We have bunch of smart IT people working around the clock. Nothing is more important to MedStar health than the ability to provide patient care," she said.
The news comes amid a spike in hospital hacks. Most recently, three medical facilities in California and Kentucky were hit with similar attacks. Meanwhile, a hospital based in the heart of Los Angeles recently paid cybercriminals $17,000 (£11,800) worth of bitcoin to unlock its system after it was taken over by hackers.