As per media report appearing in USA, on 15 February 2016, a Los Angeles hospital was completely paralysed by cyber attacks. The reports stated that some hackers broke into the Hollywood Presbyterian Medical Center’s servers and took control over its computers systems. As a result of the hack attack, medical records that showed patients’ treatment history became inaccessible to doctors and results of X-rays, CT scans, and other medical tests could not be shared. The hackers reportedly demanded over 9000 bitcoins, which is roughly about 3.6 million dollars to release the encryption keys of the computer systems that held patient data, X-Ray scans, CT scans and crucial lab work. As per some unconfirmed reports, the California hospital paid $17,000 in ransom to hackers to regain control of its computer system.
We are living in the information age where we completely depend on technology for all our routine activities. The world is slowly migrating towards “Internet of things” where each device we use will be connected to other devices. With such high level of automation and networking, systems will become even more vulnerable to cyber kidnapping for ransom. Though this may have been the first ransom cyber attack which has come to public view, my analysis is that, there are hundreds of such attacks which take place every year but do not come into public domain as the organisations do not want to lose their credibility by reporting these attacks.
This case of cyber kidnapping, where critical data is held as hostage clearly indicates the vulnerability of our data. While this was just a hospital which was held to ransom, we are not far from a time where perhaps a nation may be held at ransom. Can we afford it? The answer is obviously No. We therefore need to invest into data protection in a big way. Unless personal and public data is protected like we protect money in vaults, individuals, organisations and even the nation may become victim of cyber kidnapping soon.