Sen. Boxer asks FBI to explain its response to ransomware as hospitals fall victim to cybercriminals

Ransomware campaigns being waged at hospitals across the country have prompted Sen. Barbara Boxer, California Democrat, to ask the FBI to explain how its handling a rash of cyberattacks that are affecting health providers from coast to coast.

Ms. Boxer on Friday sent a letter to FBI Director James Comey to express what she said were “grave concerns” regarding ransomware infections befallen by hospitals as of late, including an attack last month that forced computer systems at more than 250 facilities in the Washington region to go offline.

Ransomware is a name applied to malicious software that seizes data from infected computers until a fee is coughed up to cybercriminals, usually in Bitcoin or similar crypto currency that can’t easily be traced. The FBI believes ransomware cost American companies and citizens at least $24 million in 2015, and attacks waged so far in 2016 suggest hackers are hardly leaving ransomware by the wayside.

The Hollywood Presbyterian Medical Center in Los Angeles paid cybercriminals nearly $17,000 to regain access to data that was seized during a ransomware attack in February, and doctors and nurses employed by MedStar Health in the Washington, D.C., region resorted to using paper and pen last month when ransomware infected hospital computers and entire systems shut down as a precaution.

“I am concerned that by hospitals paying these ransoms, we are creating a perverse incentive for hackers to continue these dangerous attacks,” Ms. Boxer said in Friday’s letter to the FBI chief.

“In your response to this letter, please provide information regarding the FBI’s efforts to investigate these crimes and indicate what steps you believe hospitals and other businesses can take to protect themselves both prior to and following a ransomware attack,” she added.

When the Hard Times Cafe in Rockville, Maryland, was infected with ransomware last month and forced to briefly close its doors, co-owner Bob Howard told WTOP that the FBI told him the bureau “can’t keep up” with ransomware cases.

“The advice is either pay the ransom or shut down your entire systems and rebuild from scratch. And that’s what we’re doing,” Mr. Howard recalled.

“The easiest thing may be to just pay the ransom,” Joseph Bonavolonta, a cyber agent with the FBI’s Boston office, said last year. “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”