MedStar Georgetown
University Hospital
Courtesy: Wikimedia Commons
University Hospital
Courtesy: Wikimedia Commons
MedStar networks crippled by virus attack, FBI probes ransomware connection
March 29, 2016
by Thomas Dworetzky, Contributing Reporter
Yesterday, hackers once again showed just how vulnerable supposedly secure health care systems are, by unleashing a virus that brought computers systems down at MedStar Health.
“Early this morning, MedStar Health's IT system was affected by a virus that prevents certain users from logging in to our system,” a post yesterday on the firm's Facebook page announced. “MedStar acted quickly with a decision to take down all system interfaces, to prevent the virus from spreading throughout the organization. We are working with our IT and Cybersecurity partners to fully assess and address the situation.”
Medstar stressed in that post that “currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised.”
The FBI is checking into whether the crippling virus attack is ransomware. "People view this, I think, as a form of terrorism; [attackers] are attempting to extort money by attempting to infect them with this type of virus," observed Dr. Richard Alcorta, medical director for Maryland's emergency medical services network, according to WBAL TV.
The massive hospital chain had to turn back the clock and resort to paper records, according to the Washington Post. “We can’t do anything at all. There’s only one system we use, and now it’s just paper,” said one anonymous MedStar employee.
Some workers couldn't log in at all, but the system's clinics have stayed open, according to a statement issued by Medstar spokeswoman Ann Nickels, AP reported. As for the ransomware possibility she stated, "I don't have an answer to that," and referred to the company's statement.
The last three years has seen a huge increase in the ransomware issue, cybersecurity expert Steve Taormino told CBS Baltimore.
If it turns out MedStar has been hit for ransom, it further highlights the health risks associated with these information attacks. “It can be dangerous in the sense that doctors may not have the most updated medical data to help prescribe or help move patients forward,” Taormino said.
The Medstar breach is the latest in a growing list of attacks on health care systems. A month ago Hollywood Presbyterian hospital in Los Angeles had to give $17,000 to hackers who had infected their systems with an email attachment.
But paying up is no guarantee that a facility will get its network back — or that information hasn't been stolen. "Although most security experts and law enforcement personnel will advise against paying the ransom, many companies do pay, particularly if the information encrypted are, "'crown jewels' and hard to replace," a lawyer for the American Hospital Association lawyer noted on its site, according to the Baltimore Sun, adding that "it's important to understand there is never a guarantee that you will even get your data back, and the hackers now know you are willing to pay the ransom."
MedStar runs 10 hospitals in the Maryland and D.C. region, including MedStar Georgetown University Hospital. Its location have a staff of 30,000 and 6,000 affiliated physicians.
“Early this morning, MedStar Health's IT system was affected by a virus that prevents certain users from logging in to our system,” a post yesterday on the firm's Facebook page announced. “MedStar acted quickly with a decision to take down all system interfaces, to prevent the virus from spreading throughout the organization. We are working with our IT and Cybersecurity partners to fully assess and address the situation.”
Medstar stressed in that post that “currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised.”
The FBI is checking into whether the crippling virus attack is ransomware. "People view this, I think, as a form of terrorism; [attackers] are attempting to extort money by attempting to infect them with this type of virus," observed Dr. Richard Alcorta, medical director for Maryland's emergency medical services network, according to WBAL TV.
The massive hospital chain had to turn back the clock and resort to paper records, according to the Washington Post. “We can’t do anything at all. There’s only one system we use, and now it’s just paper,” said one anonymous MedStar employee.
Some workers couldn't log in at all, but the system's clinics have stayed open, according to a statement issued by Medstar spokeswoman Ann Nickels, AP reported. As for the ransomware possibility she stated, "I don't have an answer to that," and referred to the company's statement.
The last three years has seen a huge increase in the ransomware issue, cybersecurity expert Steve Taormino told CBS Baltimore.
If it turns out MedStar has been hit for ransom, it further highlights the health risks associated with these information attacks. “It can be dangerous in the sense that doctors may not have the most updated medical data to help prescribe or help move patients forward,” Taormino said.
The Medstar breach is the latest in a growing list of attacks on health care systems. A month ago Hollywood Presbyterian hospital in Los Angeles had to give $17,000 to hackers who had infected their systems with an email attachment.
But paying up is no guarantee that a facility will get its network back — or that information hasn't been stolen. "Although most security experts and law enforcement personnel will advise against paying the ransom, many companies do pay, particularly if the information encrypted are, "'crown jewels' and hard to replace," a lawyer for the American Hospital Association lawyer noted on its site, according to the Baltimore Sun, adding that "it's important to understand there is never a guarantee that you will even get your data back, and the hackers now know you are willing to pay the ransom."
MedStar runs 10 hospitals in the Maryland and D.C. region, including MedStar Georgetown University Hospital. Its location have a staff of 30,000 and 6,000 affiliated physicians.