MedStar Health Cyberattack Forces Computer Network Shutdown

By Richard Anderson

Ransomware attacks on hospitals have become much more common in 2016; however, the MedStar Health cyberattack could well be the most serious. Early on Monday morning, the health system discovered that some of its computers had been infected with a computer virus.

The infection was deemed to be so serious that the health system was forced to shut down its email system and EHR to prevent the infection from spreading. Physicians have been prevented from accessing patient medical records, and all members of staff were forced to give up email.

MedStar Health Cyberattack Affects 10 Hospitals and Over 250 Outpatient Facilities

In contrast to other recent malware-related cyberattacks on healthcare providers, this attack did not affect just one hospital. The entire health system has been affected. MedStar Health runs 10 hospitals and more than 250 outpatient facilities, and all locations are now having to resort to paper charts and communicating by phone, text message, and fax.

MedStar Health issued a statement to say that all of its facilities remain open and are fully functional, but the impact of the MedStar Health cyberattack could be considerable. Large hospitals have suffered ransomware attacks this year, but those attacks were on a different scale entirely. MedStar Health serves hundreds of thousands of patients and employs some 30,000 members of staff. All facilities may still be open, but considerable delays are to be expected and the effect of the attack could be felt for some time to come.

Currently, emails can’t be sent, appointments can’t be scheduled, and medical records cannot be accessed. The FBI has been alerted and an investigation launched, and IT partners and security experts have been brought in to help determine the nature of the attack and the extent to which computers and systems have been affected, and to decide on the best way to deal with the attack.

The exact nature of the virus has not been disclosed to the media, so it is not known whether the virus is a data-stealer or a more serious infection. Given the number of ransomware attacks on hospitals in the past few weeks, there is a strong possibility ransomware may be involved in the MedStar Health cyberattack.

Ransomware May Be Involved

One internal source at a hospital run by MedStar Health reportedly spoke with a Washington Post reporter and said that some members of staff at the hospital had seen a pop-up window on their computers saying data had been locked and a ransom needed to be paid.

Should that prove to be the case, there is no telling how much of a ransom the attackers will demand. Hollywood Presbyterian Hospital received a ransom demand for $17,000 to supply the security keys to unlock files encrypted by a ransomware infection in early February. That infection only affected a single hospital. A successful attack on this scale could prove to be much costlier to remediate.

Cybercriminal gangs, many of which operate out of Eastern Europe, have been changing their attack tactics in recent months and are now using ransomware to attack businesses. Ransomware can be used to extort money out of individual victims, but the value of business data means much higher ransom demands can be issued. In many cases, organizations have no choice but to give in to the demands in order to recover data. That is exactly what happened at Hollywood Presbyterian Hospital.

While data can often be recovered from backups, this is not always a straightforward process. The sophistication of new strains of ransomware can make data recovery impossible. Locky, for example, a ransomware already used to attack U.S. hospitals, is capable of infecting computers and networked drives. Portable storage media, such as those used to store backup files, can also be encrypted.

The severity of the MedStar Health cyberattack is not yet known, but the spate of virus, malware, and ransomware infections reported by healthcare organizations so far this year should send a message to all healthcare organizations that protections against virus attacks need to be increased. The consequences for not doing so could be considerable.


Richard Anderson is the Editor-in-Chief of NetSec.news