Skip to Content

As Hospital Ransomware Spate Emerges, One Victim Pays Up

Medical Records Archive - IMS HealthMedical Records Archive - IMS Health
Getting your medical records can be a challenge.Photograph by Color Day Production — Getty Images

A Hollywood hospital has paid attackers around $17,000 in bitcoins to regain access to its computer systems.

It emerged earlier this week that the Hollywood Presbyterian Medical Center’s systems had become infected with malware that encrypted files and demanded money for providing the decryption key.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” the center’s CEO, Allen Stefanek, wrote in a Wednesday statement. “In the best interest of restoring normal operations, we did this.”

Stefanek disputed reports saying the attackers were demanding 9,000 bitcoins, or $3.4 million. He said the ransom was only 40 bitcoins.

Get Data Sheet, Fortune’s technology newsletter.

As Fortune‘s Robert Hackett has reported, ransomware — viruses that amount to digital hostage-taking — is a growing phenomenon affecting businesses and individuals. Now it’s hitting hospitals too.

Worryingly, the case of Hollywood Presbyterian is far from unique. Ransomware infections have also struck at least three German hospitals in recent weeks.

One victim, the Lukas Hospital in Neuss, North Rhine-Westphalia, had to completely shut down its systems a week ago, as a result of a ransomware infection that came through a dodgy email attachment. Ulla Dahmen, a spokeswoman for the hospital, said Thursday that most of the systems were back up and running, but some, notably its email systems, remained down for now.

Dahmen said the Lukas Hospital had not paid its attackers any ransom, and it was in the process of scrubbing the malware from its systems. The matter is now in the hands of the Cologne state prosecutor’s office and, according to hospital administrators, no patient data was stolen or harmed.

For more on cybersecurity, watch:

“I think it is absolutely wrong to pay these criminals,” said Christian Marolt, the secretary-general of the European Association of Healthcare IT Managers, who said paying ransoms will only encourage them to target more hospitals.

Marolt said it was rare for hospitals to go public about falling victim to cyberattacks, but this has to change. He also said it was the responsibility of software vendors to make hospital systems more secure — and the responsibility of hospitals to stop using out-of-date technologies that are particularly vulnerable.

“How can it be an email which is opened by anybody by accident can bring down a hospital?” Marolt asked. “This is something where the IT world and particularly hospitals [have] to make the right steps and invest into the right IT infrastructure.”