Cybersecurity

Senate Dem presses FBI on ransomware attacks at hospitals

by Cory Bennett 04/11/16 12:25 PM ET

Sen. Barbara Boxer (D-Calif.) is pressing the FBI for information on a string of cyberattacks at hospitals that have forced networks offline and, in some cases, led to ransom payments.

These so-called ransomware attacks involve hackers remotely locking up vital electronic files and demanding payment for their return.

{mosads}“I am concerned that by hospitals paying these ransoms, we are creating a perverse incentive for hackers to continue these dangerous attacks,” Boxer said in a letter sent Friday to FBI Director James Comey.

The tactic has become an increasingly popular — and profitable — choice among cyber crime syndicates. Experts estimate that the industry exceeds half a billion dollars annually.

A recent string of successful ransomware attacks at hospitals in Boxer’s home state of California has thrust this underground criminal activity into the spotlight.

In February, a California hospital paid a $17,000 ransom to free its computers from a hacker’s virus.

“The attack forced the hospital to divert critical 911 patients to other medical centers and to administer care without access to the important information contained in electronic medical records,” Boxer said.

Another West Coast-based company, Prime Healthcare Services, has also battled ransomware in recent weeks at three of its facilities.

Closer to Capitol Hill, a ransomware attack hit MedStar Health in late March. The $5 billion organization that operates 10 hospitals in the Maryland and Washington, D.C., area had to take its networks down, although it doesn’t appear MedStar paid a ransom.

But even if a hospital refuses to pay up, a person’s medical records can be sold on the dark Web for roughly $80, experts say. By comparison, credit card numbers only fetch a few dollars each.

Boxer asked the FBI to “provide information regarding the FBI’s efforts to investigate these crimes.”

Law enforcement has struggled to combat ransomware attacks.

Many victims, desperate to regain access, simply pay the price without consulting police. In addition, ransomware payments are made via hard-to-trace digital currencies such as bitcoins, and many digital kidnappers are protected by friendly Eastern European governments.

Boxer also requested that the FBI “indicate what steps you believe hospitals and other businesses can take to protect themselves both prior to and following a ransomware attack.”