Look Out for “Locky”

Look Out for “Locky”

Mar 04, 2016

How’s this for a story line: An e-mail attachment shuts down an entire hospital’s computer systems as well as its cancer-treating equipment for more than a week. Sound like a story line that could only come out of Hollywood? In fact it did.

In mid-February, officials at Hollywood Presbyterian Medical Center in Los Angeles reported an internal emergency when its systems were hacked and held for ransom. Nicknamed “Locky,” the ransomware likely arrived in an e-mail with a Word document attached.

During the downtime that lasted more than a week, some patients were diverted to other medical facilities or were unable to obtain test results. Frustrated physicians and staff were forced to rely on fax machines to communicate and inefficient handwritten forms to deliver care.   

Ultimately, the medical center paid almost $17,000 in Bitcoin to the hackers in exchange for the decryption key to unlock its systems and access its electronic health records. Add to this the cost of operational disruptions and the PR nightmare, and this was quite an expensive attack.

Clearly cyber worries in the healthcare industry have moved well past the mega privacy breaches we’ve seen at major insurers. Small and mid-sized hospitals are now recognizing just how vulnerable they are.

Hollywood Presbyterian insists that patient safety and care were not affected by the incident. Considering the many disruptions that an inability to access electronic patient records can cause, their story could have had a much different ending.

  • Prescribing the wrong medications, incorrect dosages, or missing vital meds altogether. Without medical or medication history readily available, how can a patient’s medical team be certain of what medications were administered, when, and in what doses? Or be aware of potential allergies or episodes in the patient’s past medical history? Many organizations have backup procedures to administer care when their electronic systems are unavailable, but how good are they? How well trained are staff regarding those procedures? And if used infrequently, what are the chances that steps get missed or executed incorrectly?

  • Delays in treatments due to delays in lab results. No computer access means an inability to quickly order tests and get results electronically. Instead, cumbersome paper forms must faxed or walked over, or phone calls placed. Think of the number of lab tests your organization performs in a day; in a week. Now think of the treatment and care decisions that depend on lab results before they can be implemented.

So has Locky got your attention? What are you doing to protect your organization from ransomware?


Paul Johnson
Paul J. Johnson, CISSP, CCSFP, CPA
View Profile


Write a Comment

* = required fields

(will not be published)

(will not be published)

WipfliSecurity Blog

Subscribe to WipfliSecurity