When staff at Hollywood Presbyterian Medical Center arrived at work on February 5, 2016, they found their entire computer network crippled by ransomware. Ten days later, the Los Angeles hospital made a decision that would ignite a fierce debate about cybersecurity, healthcare vulnerability, and the role of Bitcoin in facilitating extortion — it paid the hackers 40 bitcoins, roughly $17,000 at the time.
TL;DR
- Hollywood Presbyterian Medical Center paid 40 bitcoins (~$17,000) to ransomware hackers who locked its systems for 10 days
- The attack began on February 5, 2016, forcing staff to revert to fax machines and pen-and-paper record keeping
- The FBI confirmed it was investigating the breach but federal policy generally discourages paying ransoms
- Ransomware attacks had surged from 100,000 in January 2013 to 600,000 by the end of that year, according to Symantec
- Hospital CEO Allen Stefanek said paying was “the quickest and most efficient way to restore our systems”
The Attack That Paralyzed a Hospital
Hollywood Presbyterian Medical Center, a 434-bed facility in the heart of Los Angeles, first detected the disruption to its computer systems on February 5. Hackers had deployed ransomware — malicious software that encrypts files and demands payment for the decryption key. The demand was specific: 40 bitcoins, worth approximately $17,000 at the prevailing exchange rate of around $422 per BTC.
For more than a week, the hospital operated in crisis mode. Industrial nurses reverted to using fax machines to communicate. Patient notes were recorded with pen and paper. Critical health data — everything from patient records to information surgeons needed in operating rooms — was locked behind encryption that only the attackers could undo.
The Decision to Pay
On Wednesday, February 17, hospital president and CEO Allen Stefanek announced that the institution had paid the ransom. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom,” Stefanek said in a statement. “In the best interest of restoring normal operations, we did this.”
The decision was not taken lightly. Federal investigators routinely discourage victims from paying ransoms, arguing that doing so only incentivizes further attacks. The FBI confirmed it was investigating the breach, though it remained unclear what role, if any, the agency played in the hospital’s decision-making process. At the time, Bitcoin traded at approximately $422, making the 40-bitcoin ransom a relatively modest sum compared to the potential cost of prolonged system downtime at a major medical facility.
How Ransomware Works
The attack on Hollywood Presbyterian followed what security experts described as a straightforward pattern. Ryan Kalember, senior vice president for cybersecurity strategy at Proofpoint, explained the typical three-step process: hackers send what appears to be a routine email — perhaps a bill or invoice — with a file attachment, often a Word document. When the recipient clicks on the document and enables content, the ransomware begins encrypting files with a key that only the attackers possess.
“It started out with just individuals, like it would go after your hard drive or family pictures, and the warning would be, ‘These will be lost forever unless you pay me,’” Peter Tran, general manager and senior director at RSA, told CBS News. “However, now the hackers’ demand to use bitcoin, this virtual currency that is unregulated and relatively untraceable — well, you look at it and you think, ‘It’s about time they started doing this.’”
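The delivery pattern described above depends on an Office attachment that carries macros. As an added example (not from the article or from anyone quoted in it), this Python code shows how a mail filter could flag such attachments by inspecting their content rather than trusting the file extension; the function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def attachment_risk(data):
    """Return a reason string if the bytes can carry Office macros, else None."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE document (may hold macros, needs deeper scan)"
    if data.startswith(b"PK"):  # OOXML files are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "malformed zip container"
        # VBA code in OOXML lives in a part named vbaProject.bin
        if any(n.endswith("vbaProject.bin") for n in names):
            return "OOXML document with embedded VBA project"
    return None

def scan_message(raw):
    """Parse a raw RFC 5322 message and list (filename, reason) findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reason = attachment_risk(data)
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def build_sample(with_macro):
    """Constructed message: a tiny zip that only mimics the OOXML layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    name = "invoice.docm" if with_macro else "invoice.docx"
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

A flagged attachment would typically be quarantined or stripped before delivery, so the recipient never reaches the "enable content" prompt.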
A Growing Threat to Critical Infrastructure
The Hollywood Presbyterian case was not an isolated incident. At least two small Massachusetts police departments had previously paid ransomware hackers after losing access to their files. But the targeting of a major hospital represented what security experts called a dangerous escalation. The implications extended beyond mere inconvenience — when medical devices and patient data are locked up, the consequences can be life-threatening.
According to a 2014 report by antivirus software maker Symantec, the number of ransomware attacks had surged dramatically, increasing from 100,000 in January 2013 to 600,000 by the end of that year. The trend was accelerating, and Bitcoin was becoming the payment method of choice for cybercriminals operating primarily out of Eastern Europe.
Bitcoin Under the Spotlight
The incident thrust Bitcoin back into the mainstream media conversation, though not for reasons that advocates of the digital currency welcomed. At a time when Bitcoin was struggling to shake off its association with the Silk Road marketplace and other criminal enterprises, a high-profile ransom payment made international headlines. Bitcoin was trading at approximately $422 with a market capitalization of around $6.4 billion, still a nascent asset by most measures but increasingly featured in stories about cybercrime.
The irony was not lost on the cryptocurrency community. The same blockchain transparency that would later enable companies like Chainalysis to track criminal transactions was, in 2016, still largely unknown to law enforcement. Just one day after the hospital payment was revealed, Chainalysis would announce its landmark partnership with Europol — a coincidence that underscored the growing tension between Bitcoin’s promise of financial freedom and its vulnerability to exploitation by bad actors.
Why This Matters
The Hollywood Presbyterian ransomware attack was one of the first high-profile cases of a major institution paying a Bitcoin ransom, and it set a precedent that would be repeated countless times in the years that followed. Ransomware attacks on hospitals, municipalities, and critical infrastructure would escalate dramatically, with ransom demands growing from thousands to millions of dollars. The incident highlighted the urgent need for robust cybersecurity in healthcare settings and contributed to the broader conversation about regulating cryptocurrency. For Bitcoin at $422, this was an early warning sign that the technology’s dual-use nature — empowering for individuals, dangerous in the wrong hands — would be a defining challenge for the industry.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Past events and historical prices should not be used as indicators of future performance.
40 btc was only $17k back then. wonder how many hospitals have paid way more since
scrubbed_99 hospitals have paid millions since. the average ransomware payment in healthcare hit $1.5M by 2024. $17k in BTC was the opening bid
scrubbed_99 average healthcare ransomware payment hit $1.5M by 2024 and it keeps climbing. hospitals pay because downtime literally kills people, attackers know this
CEO calling it quickest and most efficient is wild. basically admitting their backup strategy was nonexistent
^ worked in hospital IT for 3 years. can confirm most systems are held together with duct tape and prayers
600k ransomware attacks by end of 2013 and we still act surprised every time a new one hits. nothing changed
Marcus J. we went from 600k attacks to ransomware being a multi-billion dollar industry. the problem got worse not better. hospitals are still soft targets
CEO calling it quickest and most efficient way to restore systems is exactly what ransomware operators want to hear. paying always funds the next attack
40 BTC at $17K feels quaint now. that same ransom today would be over $4 million. the economics of ransomware only got worse from here
patch_ghost 40 BTC feels quaint until you realize the same attack today would demand 50-100 BTC and hospitals would still pay because their backups are nonexistent
the real scandal is that in 2026 hospitals STILL run unpatched windows servers with no segmented networks. ransomware is a people problem not a tech problem