When staff at Hollywood Presbyterian Medical Center arrived at work on February 5, 2016, they found their entire computer network crippled by ransomware. Ten days later, the Los Angeles hospital made a decision that would ignite a fierce debate about cybersecurity, healthcare vulnerability, and the role of Bitcoin in facilitating extortion — it paid the hackers 40 bitcoins, roughly $17,000 at the time.
TL;DR
- Hollywood Presbyterian Medical Center paid 40 bitcoins (~$17,000) to ransomware hackers who locked its systems for 10 days
- The attack began on February 5, 2016, forcing staff to revert to fax machines and pen-and-paper record keeping
- The FBI confirmed it was investigating the breach but federal policy generally discourages paying ransoms
- Ransomware attacks had surged from 100,000 in January 2013 to 600,000 by end of that year, according to Symantec
\li>Hospital CEO Allen Stefanek said paying was “the quickest and most efficient way to restore our systems”
The Attack That Paralyzed a Hospital
Hollywood Presbyterian Medical Center, a 434-bed facility in the heart of Los Angeles, first detected the disruption to its computer systems on February 5. Hackers had deployed ransomware — malicious software that encrypts files and demands payment for the decryption key. The demand was specific: 40 bitcoins, worth approximately $17,000 at the prevailing exchange rate of around $422 per BTC.
For more than a week, the hospital operated in crisis mode. Industrial nurses reverted to using fax machines to communicate. Patient notes were recorded with pen and paper. Critical health data — everything from patient records to information surgeons needed in operating rooms — was locked behind encryption that only the attackers could undo.
The Decision to Pay
On Wednesday, February 17, hospital president and CEO Allen Stefanek announced that the institution had paid the ransom. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom,” Stefanek said in a statement. “In the best interest of restoring normal operations, we did this.”
The decision was not taken lightly. Federal investigators routinely discourage victims from paying ransoms, arguing that doing so only incentivizes further attacks. The FBI confirmed it was investigating the breach, though it remained unclear what role, if any, the agency played in the hospital’s decision-making process. At the time, Bitcoin traded at approximately $422, making the 40-bitcoin ransom a relatively modest sum compared to the potential cost of prolonged system downtime at a major medical facility.
How Ransomware Works
The attack on Hollywood Presbyterian followed what security experts described as a straightforward pattern. Ryan Kalembar, senior vice president for cybersecurity strategy at Proofpoint, explained the typical three-step process: hackers send what appears to be a routine email — perhaps a bill or invoice — with a file attachment, often a Word document. When the recipient clicks on the document and enables content, the ransomware begins encrypting files with a key that only the attackers possess.
“It started out with just individuals, like it would go after your hard drive or family pictures, and the warning would be, ‘These will be lost forever unless you pay me,'” Peter Tran, general manager and senior director at RSA, told CBS News. “However, now the hackers’ demand to use bitcoin, this virtual currency that is unregulated and relatively untraceable — well, you look at it and you think, ‘It’s about time they started doing this.'”
A Growing Threat to Critical Infrastructure
The Hollywood Presbyterian case was not an isolated incident. At least two small Massachusetts police departments had previously paid ransomware hackers after losing access to their files. But the targeting of a major hospital represented what security experts called a dangerous escalation. The implications extended beyond mere inconvenience — when medical devices and patient data are locked up, the consequences can be life-threatening.
According to a 2014 report by antivirus software maker Symantec, the number of ransomware attacks had surged dramatically, increasing from 100,000 in January 2013 to 600,000 by the end of that year. The trend was accelerating, and Bitcoin was becoming the payment method of choice for cybercriminals operating primarily out of Eastern Europe.
Bitcoin Under the Spotlight
The incident thrust Bitcoin back into the mainstream media conversation, though not for reasons that advocates of the digital currency welcomed. At a time when Bitcoin was struggling to shake off its association with the Silk Road marketplace and other criminal enterprises, a high-profile ransom payment made international headlines. Bitcoin was trading at approximately $422 with a market capitalization of around $6.4 billion, still a nascent asset by most measures but increasingly featured in stories about cybercrime.
The irony was not lost on the cryptocurrency community. The same blockchain transparency that would later enable companies like Chainalysis to track criminal transactions was, in 2016, still largely unknown to law enforcement. Just one day after the hospital payment was revealed, Chainalysis would announce its landmark partnership with Europol — a coincidence that underscored the growing tension between Bitcoin’s promise of financial freedom and its vulnerability to exploitation by bad actors.
Why This Matters
The Hollywood Presbyterian ransomware attack was one of the first high-profile cases of a major institution paying a Bitcoin ransom, and it set a precedent that would be repeated countless times in the years that followed. Ransomware attacks on hospitals, municipalities, and critical infrastructure would escalate dramatically, with ransom demands growing from thousands to millions of dollars. The incident highlighted the urgent need for robust cybersecurity in healthcare settings and contributed to the broader conversation about regulating cryptocurrency. For Bitcoin at $422, this was an early warning sign that the technology’s dual-use nature — empowering for individuals, dangerous in the wrong hands — would be a defining challenge for the industry.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Past events and historical prices should not be used as indicators of future performance.
434 bed hospital reduced to fax machines and pen and paper for 10 days. if thats not a wake up call for healthcare IT i dont know what is
40 BTC = $17,000 then. Those same coins are worth millions now. Hope the hackers held.
Stefanek calling it the quickest way to restore systems is exactly why ransomware keeps working. Paying just funds the next attack.
^this. and the FBI saying dont pay while simultaneously not offering any alternative. what were they supposed to do, let patients die?
Symantec reported ransomware going from 100K to 600K incidents in one year and hospitals were still running unpatched windows. unreal