Exactly. The article is grossly over-reacting, or the hotel management is. The key locks in the individual doors are simply battery-operated and have absolutely no connection to any other system whatsoever. They are simply pre-programmed with a hardcoded ID. The key cards inserted must match this ID, and the time, and that will open the door. Programming of the key happens at the reception, and that's where this hotel was clearly vulnerable, probably by connecting it to the internet. When this system is compromised, hotel staff is no longer able to write to the key cards, which is disastrous enough for them to cave in to the blackmailers.
Anyone in a hotel room can, at any time, open the door, however. You'll never get systems passed by fire safety rules if they didn't.
Here's a manual of such a system: http://www.elock2u.net/wp-content/uploads/2016/04/Hotel-Lock-System-Manual.pdf