By Katie Bo Williams - 02/16/16 04:28 PM EST
Hackers are holding a California hospital’s patient files ransom, reportedly demanding $3.6 million to unlock the data.
With computers offline, medical staff are relying on paper charts and fax machines. Some computer-enabled patient care, such as CT scans, has been curtailed, according to local news reports.
Hollywood Presbyterian Medical Center declared an internal emergency on Friday after it discovered “significant IT issues,” CEO Allen Stefanek said in a statement.
But while the hospital hasn’t commented on the ransom yet, an anonymous physician told NBC that the hackers were demanding a ransom to unlock the system — to the tune of 9 million in bitcoin ($3.6 million), according to CSO Online.
Security experts have warned that the use of so-called “ransomware” — software that locks down an internal IT system until payment is made — is on the rise.
One of the most infamous strains of ransomware, known as CryptoWall, is responsible for $325 million in damages, according to a recent report.
Many victims simply pony up. One 2014 study from the U.K. suggested that around 40 percent of the victims of a common piece of ransomware paid to regain access to their data.
Although Hollywood Presbyterian officials have indicated that the attack was random, security experts warn that as cybercriminals have grown more sophisticated, so too has their selection of victims.
“Much like surge pricing for taxis, cybercriminals now target and calculate their ransomware pricing based on company size, market value and much more,” Craig Spiezle, Executive Director of the Online Trust Alliance, said in a release last month.
Hospitals that fail to protect patient data face stiff penalties under the Health Insurance Portability and Accountability Act, which requires safeguards to ensure only those who should have access to electronic protected health information have access.
The cost to healthcare organizations can be staggering.
The worldwide per capita cost of a stolen record in the healthcare industry is $363, according to a recent Ponemon study. At over twice the average, it’s the most expensive industry for breach.