MedStar Health Inc., a not-for-profit healthcare organization that operates ten hospitals and over 120 facilities in the Washington D.C. metropolitan/Baltimore area, announced on March 28, 2016 that it had to take down all system interfaces as a precaution to prevent a virus from spreading throughout its IT systems. According to the statement MedStar released, they have no evidence that any data was compromised, but there have been unconfirmed reports that the incident may be a ransomware attack.
At this point, there is very little information on the breach, as MedStar’s and the FBI’s investigations are in their early stages. The attack on MedStar comes just weeks after two other similar attacks on hospitals, one in Los Angeles and another in Kentucky. Both of these hospitals’ network systems were attacked with ransomware. The Los Angeles hospital actually paid the ransom demanded by the hackers in the amount of $17,000 in bitcoins.
There have been unsubstantiated claims by two unnamed employee sources at MedStar that some employee computer screens contained ransom messages, but a spokeswoman for MedStar, Ann Nickels, said she had “not been told that it’s a ransom situation”.
Ransomware is a particular type of virus or malware that cyber criminals deploy in various ways. Typically this type of malware prevents the victim from accessing their computer systems. The hackers then demand that the target of the attack pay a ransom, sometimes in bitcoin, to be able to access their systems again or retrieve their stolen data files.
Once ransomware has infected a computer’s operating system, it disables the system in one of two ways: either it locks the computer screen with a full-screen image (of the hackers’ choice) containing a notification that the victim has been hacked along with the ransom demand instructions, or it encrypts selected files with a password.
MedStar has not divulged much about the breach, but from the statements the company spokeswoman Ann Nickels made, it would appear they have regained control of their network systems after the systems were shut down for more than 24 hours and staff relied on paper accounting during the cyber assessment period. As the investigation continues, there will likely be much more to come on this cyber intrusion.
On April 1, 2016, MedStar posted an update on the cyber attack:
Thanks to the around-the-clock dedication and expertise of MedStar Health’s IT team and cybersecurity partners working with them, we continue to restore our computer network.
As of Friday morning, we were approaching 90 percent functionality of our systems. Our three main clinical information systems supporting patient care—the inpatient Electronic Health Record (EHR), outpatient EHR, and our registration and scheduling system—are functioning. Numerous other systems are also back online, and we are working on the remaining clinical and administrative systems that connect to our network and are resolving unique, site-specific issues on a real-time basis.
In support of our mission, we focused our IT energies on systems related to direct patient care. Forensic work of MedStar IT systems has shown no evidence that patient or associate information or data have been compromised. The confidentiality of information is among our greatest priorities, and our IT experts will continue to focus on this important issue.
We continue to provide clinical care at volumes approximating a normal week. Thousands of patients throughout the region have been cared for by MedStar, and we cannot emphasize enough our appreciation for their support and understanding. The teamwork we have experienced among our 31,000 associates is outstanding.