St. Mark’s Paid an $18,000 Ransom To Computer Hackers

By ANDY BEHLEN  St. Mark’s Medical Center CEO Rick Montelongo confirmed Wednesday that his hospital fell victim to a computer ransomware attack. He said the hospital paid approximately $18,000 in the digital currency bitcoin to regain control of its computer system.

The hack mirrors a number of other computer attacks that have taken place against hospitals across the nation. In recent cases from California, Kentucky and several on the east coast, hackers have been able to gain access to hospital computer system and encrypt the data on those systems, rendering files unreadable. They then demand payment in exchange for an electronic key that can decrypt the data.

Montelongo said the attack, which took place on March 20, also affected the hospital’s backup computer system. He said the hospital hopes to restore the computer system by the end of this week.

Below are some questions we asked Montelongo and his responses:

FCR: Is this a ransom attack, and if so, how much are they asking for?

RM: In order to obtain the decryption keys and resume systems as quickly and efficiently as possible, we paid the requested amount in Bitcoin equivalent to approximately $18,000.

FCR: Is the hospital still operating on pen and paper or even operating at all? We’re hearing reports from patients about being turned away for appointments.

RM: St. Mark’s Medical Center is operating and functional. No patient has been turned away for service at the hospital. Initially, some patients needing CT or MRI were provided those services at other facilities, but those services are now fully operational at St. Mark’s. We continue to deliver high-quality care in a safe environment. 

FCR: We heard that the hospital did not have a backup system prior to the attack, is that right?

RM: The hospital does have a back-up system which, unfortunately, was also affected by the malware. Our IT team works diligently to maintain all systems to the highest possible security standards.

FCR: Has any patient information been compromised?

RM: Based on current analysis, the security of patient information appears to have been maintained. Hard-working, dedicated clinical teams and staff have maintained focus on the delivery of compassionate and quality care to our patients. 

FCR: What is the status of the IT investigation?

RM: The decryption process – including data testing and validation – continues toward the goal of full network restoration. The team anticipates that systems will be up by the end of this week. 

FCR: Has anyone identified the hackers or what kind of malware or ransomware they were using?

RM: That is part of the decryption process. Dedicated teams across St. Mark’s and Community Hospital Corporation have been working with outside computer experts and sources to resolve this issue efficiently and effectively.