The Hollywood Presbyterian Medical Center ended up deciding to pay $17,000 in ransom after network computers with their Electronic Medical Records were hit by a ransomware attack. It’s a little unnerving that the hospital did not seem to have any backups, and that 10 days elapsed from the time the data was locked up.
I’m also skeptical when they say that “patient data was not compromised in any way.” If the attackers were able to encrypt the data, they probably had direct access to all of the data and could have stolen it for later use in fraudulent activities, before encrypting it. It’s possible that all the data was already encrypted by the hospital, but I doubt that this was the case if they had no backup safeguards in place.
Here’s an article by Ars Technical that gives more details.