{
	"id": "3847c574-222a-4dd5-a65a-ba53bf0363ea",
	"created_at": "2026-04-06T00:08:55.451799Z",
	"updated_at": "2026-04-10T03:30:33.7449Z",
	"deleted_at": null,
	"sha1_hash": "5835fb4e102a8fd9293f5d05c30d5864d9b7a5dc",
	"title": "Hollywood hospital becomes ransomware victim",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 583868,
	"plain_text": "Hollywood hospital becomes ransomware victim\r\nBy Charlie Osborne\r\nPublished: 2016-02-15 · Archived: 2026-04-05 21:53:36 UTC\r\nAn example of a ransomware-locked system screen.\r\nA cyberattack launched against the Hollywood Presbyterian Medical Center has forced staff to declare an \"internal\r\nemergency\" and left employees unable to access patient files.\r\nAccording to NBC, the Southern California hospital has been left unable to practice its usual day-to-day\r\noperations. The hospital's president and CEO Allen Stefanek said \"significant IT issues\" were discovered last\r\nweek, leading to emergency measures including calling for the assistance of the FBI, Los Angeles Police\r\nDepartment (LAPD) and cyberforensics experts.\r\nAn unnamed doctor at the hospital said that the system was hacked and \"held for ransom,\" which suggests\r\nransomware was put into play. This particular breed of malware, usually spread through phishing campaigns and\r\nmalicious downloads, installs itself on victim machines in order to encrypt system files.\r\nOnce a PC is infected, the system is locked and a warning message comes into play, telling the user that they have\r\na time limit before their files are lost forever, and in order to decrypt these files, they must pay a fee -- usually in a\r\ncryptocurrency such as Bitcoin to make tracking cybercriminals difficult.\r\nIt is not currently known if patient or employee information was compromised in the attack, but if ransomware\r\nwas the core source of the attack, the main reason for the cyberattack would have been to secure the ransom\r\npayment rather than steal data belonging to the hospital.\r\nhttps://www.zdnet.com/article/hollywood-hospital-becomes-ransomware-victim/\r\nPage 1 of 2\n\nStefanek admitted the emergency section of the hospital has been \"sporadically impacted\" since Friday, and the\r\ndoctor said email services, in particular, were taken down. As medical records including patient details, X-rays,\r\nCT scans and lab work could not be accessed, this has made the situation very dangerous for patients.\r\nAs a result, a number of patients have not been able to receive treatment and some have been transported to other\r\nhospitals.\r\nMedical staff have been relying on fax machines and telephones as the week-long outage continues to wreak\r\nhavoc, which had led to a decrease in efficiency and an inability, in some cases, to safely help patients.\r\nFox asked for additional details of the cyberattack from computer forensics expert Eric Robi, who said the ransom\r\nwas extremely high in this case and may have been for up to 9,000 Bitcoin, or the equivalent of approximately\r\n$3.6 million.\r\nThis type of ransom is far higher than what attackers usually demand -- especially as ransomware is often found\r\non individual PCs having been spread through phishing campaigns -- but the high-profile of the hospital and\r\nurgency to unlock files intact may have led to such a steep demand.\r\nAt the Kaspersky Security Analyst Summit (SAS) in Tenerife, Spain, security expert Sergey Lozhkin\r\ndemonstrated how easy it is to compromise medical networks and equipment through simple, elegant hacks --\r\nmade possible through almost universal poor security, unprotected Wi-Fi networks and outdated firmware.\r\nRead on: Top picks\r\nPort Fail VPN security flaw exposes your true IP address\r\nDealers hit Volkswagen with class action lawsuits over emissions scandal\r\nBug bounties: Which companies offer researchers cash?\r\nYour business has suffered a data breach. Now what?\r\nSource: https://www.zdnet.com/article/hollywood-hospital-becomes-ransomware-victim/\r\nhttps://www.zdnet.com/article/hollywood-hospital-becomes-ransomware-victim/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/hollywood-hospital-becomes-ransomware-victim/"
	],
	"report_names": [
		"hollywood-hospital-becomes-ransomware-victim"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434135,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5835fb4e102a8fd9293f5d05c30d5864d9b7a5dc.pdf",
		"text": "https://archive.orkl.eu/5835fb4e102a8fd9293f5d05c30d5864d9b7a5dc.txt",
		"img": "https://archive.orkl.eu/5835fb4e102a8fd9293f5d05c30d5864d9b7a5dc.jpg"
	}
}