An internet television program that explores the intersection of medicine and the law.

Should Hospitals Negotiate with Hackers if Hit with Ransomware?

By Tom Andre, VP of Information Services at Cooperative of American Physicians (CAP) to Risk Management


What You Need to Know: Hospital Ransomware Attacks

Our guest on Healthcare Matters is Tom Andre, VP of Information Services at Cooperative of American Physicians (CAP). In part 6 of our What You Need to Know: Hospital Ransomware Attacks series, we ask Mr. Andre whether hospitals should negotiate with hackers who infect their systems with ransomware. Our government has made it clear that it does not negotiate with terrorists; is this the same or similar? We also ask Mr. Andre how likely these hackers are to be caught. This information is important in the wake of the numerous hospital attacks occurring all around the country, including the attack on Hollywood Presbyterian Medical Center.

This is only one of the many questions we asked Mr. Andre about cyber security and how healthcare facilities can protect themselves. Check out all of them here:

  1. Explaining the Recent Ransomware Attacks on Hospitals
  2. Top Two Risks a Hospital Faces in a Malware Attack
  3. How Common are Ransomware Attacks on Hospitals?
  4. The Surprising Ways a Hospital can be Infected with Ransomware
  5. Risk Management Tips for Hospitals to Avoid Ransomware Attacks
  6. Should Hospitals Negotiate with Hackers if Hit with Ransomware?
  7. Protecting Patient Data During Hospital Ransomware Attacks
  8. Full Interview with Tom Andre: What You Need to Know: Hospital Ransomware Attacks


Mike Matray: The United States government doesn’t pay ransoms to terrorists because they believe it will increase future hostage taking. Do you believe that since Hollywood Presbyterian paid to regain access to its computer system, we can expect an increase in this type of a ransom attack in the future?

Tom Andre: Well, it’s hard to get inside the criminal mind, but I think after 9-11 when the intelligence agencies were accused of having a failure of imagination, I think we all have to use our imagination of what could possibly happen. You know, they may be looking to up their game in some ways. They may see that, “Okay, Hollywood Presbyterian, here’s a hospital, they paid $17,000. You know, maybe we can get more than the usual $500 if we do a focused attack on specific organizations.” But in this case, it has all the hallmarks of a random attack, that it doesn’t look like they were specifically targeted. The end result is they were still down for several days and they had to pay a ransom to get their information back.

From what I’ve been reading about the ransomware attacks, they’re becoming more sophisticated. It used to be they would go after what’s called a mapped network drive, like a D drive, an E drive. And now some of the strains can penetrate even further into the network to other types of network shares. So, I’m sure they’re going to be upping their game as time goes on, looking for higher value targets. We just have to be prepared for that possibility and do what we can to stay aware of it and protect against them.

Mike Matray: Okay. What are the chances that these cyber criminals are going to be caught?

Tom Andre: I would say it’s probably unlikely. I think a lot of them are operating offshore. They mask themselves fairly well. The ransoms are paid in bitcoin, which is difficult to trace. When you contact them, it’s not like you go to their website and you put your credit card in and it’s a published website. They use a special type of browser called Tor, T-O-R, which one of its purposes is to maintain anonymity on the network.

So, chances are, they won’t be caught. At best, it’s possible, in some ransomware cases, they’ve recognized which internet addresses some of these attacks were coming from and where the payments were getting made from. They’ve been able to shut those servers down. If it’s offshore, if it’s in a country that’s not necessarily one of our best friends, chances are, the best they can do is maybe shut down access.