The computer system of Hollywood Presbyterian Medical Center in Los Angeles has been hijacked by one or more hackers, who are asking for $3.6M ransom to restore access.
Ransomware is always going to present a major headache for any victim, but when a hospital is at the center of an attack, the matter suddenly appears more threatening, with the stakes potentially a whole lot higher.
Take the Hollywood Presbyterian Medical Center in Los Angeles. Its computer systems have been offline for more than a week following a ransomware attack, with hackers reportedly demanding a $3.6 million payment to restore access, CSO reported Monday.
Staff are understandably having a hard time coping, with procedures such as CT scans unable to be carried out. In some cases, patients are being ferried to nearby medical facilities for treatment.
The ongoing incident also means hospital workers are unable to gain access to important documents, patient data, and emails. Instead, staff have had to step back in time, firing up fax machines and making more use of pens and paper to keep track of work at the facility.
The hospital has confirmed the attack, and says that so far it has no evidence to suggest patients’ medical records have been accessed by the hackers, the BBC reported.
The computing system of the hospital is likely on-premise and therefore more secure than the coming world of cloud-powered ‘precision medicine’. Sadly, a recent paper from ENCODE leader Mike Snyder shows that security issue is not being taken seriously. The paper talks a lot about how to stay on the right side of various security regulations and very little about how to actually keep the data and exchanges secure. We expected to see extensive discussions on new security and privacy threats, given that the existing regulations were developed for pre-cloud era, but did not find any. In fact, occasional gripes in the paper about how the existing regulations create obstacles for researchers (‘We realize that the above recommendation poses challenge for the researcher in the scenario where the researcher leaves the institute but retains access to data.’) suggests that these people are not at all concerned about security issues, and would feel happy to outsource that obligation to some outside central planning agency (HIPAA, PHI, FISMA, FedRAMP) etc.
Understanding Cloud security for genomics data is challenging but a critical need. It is our observation that security requirements are often inconsistent not only across datasets but also between on-premise solutions and Cloud for the same dataset. We attempt to summarize these security requirements across a wide range of regulatory bodies from government and private sources. While we expect the implementation to be different between Clouds and evolution in implementation methodology in time, we expect these guidelines to be applicable in foreseeable future. We also note that security does not necessary provide privacy and significant effort is needed to address privacy for a research centric platform.