MedStar Hospitals Paralyzed After Hackers Take Out Computer System

A sign designates an entrance to the MedStar Georgetown University Hospital in Washington, Monday, March 28, 2016. Hackers crippled computer systems at a major hospital chain, MedStar Health Inc., on Monday, forcing records systems offline for thousands of patients and doctors. The FBI said it was investigating whether the unknown hackers demanded a ransom to restore systems. (AP Photo/Molly Riley)

WASHINGTON (AP) — Modern medicine in the Washington area reverted to 1960s-era paper systems when one of the largest hospital chains was crippled by a virus that shuttered its computers for patients and medical staff.

The FBI said it was investigating the paralyzing attack on MedStar Health Inc., which forced records systems offline, prevented patients from booking appointments, and left staff unable to check email messages or even look up phone numbers.

The incident was the latest against U.S. medical providers, coming weeks after a California hospital paid ransom to free its infected systems using the bitcoin currency. A law enforcement official, who declined to be identified because the person was not authorized to discuss an ongoing investigation, said the FBI was assessing whether a similar situation occurred at MedStar.

“We can’t do anything at all. There’s only one system we use, and now it’s just paper,” said one MedStar employee who, like others, spoke on condition of anonymity because this person was not authorized to speak with reporters.

There were few signs of the attack’s effects easing late Monday, with one employee at Georgetown University Hospital saying systems were still down, and saying some managers had to stay late and come in early because of the disruptions.

Company spokeswoman Ann Nickels said she couldn’t say whether it was a ransomware attack. She said patient care was not affected, and hospitals were using a paper backup system.

But when asked whether hackers demanded payment, Nickels said, “I don’t have an answer to that,” and referred to the company’s statement.

MedStar operates 10 hospitals in Maryland and Washington, including the Georgetown hospital. It employs 30,000 staff and has 6,000 affiliated physicians.

Dr. Richard Alcorta, the medical director for Maryland’s emergency medical services network, said he suspects it was a ransomware attack based on multiple ransomware attempts on individual hospitals in the state. Alcorta said he was unaware of any ransoms paid by Maryland hospitals or health care systems.

“People view this, I think, as a form of terrorism and are attempting to extort money by attempting to infect them with this type of virus,” he said.

Alcorta said his agency first learned of MedStar’s problems about 10:30 a.m., when the company’s Good Samaritan Hospital in Baltimore called in a request to divert emergency medical services traffic from that facility. He said that was followed by a similar request from Union Memorial, another MedStar hospital in Baltimore. The diversions were lifted as the hospitals’ backup systems started operating, he said.

Some staff said they were made aware of the virus earlier, being ordered to shut off their computers entirely by late morning. One Twitter user posted a picture Monday he said showed blacked-out computer screens inside the emergency room of Washington Hospital Center, a trauma center in Northwest Washington.

Monday’s hacking at MedStar comes one month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system, which hackers had seized with ransomware using an infected email attachment.

Hollywood Presbyterian Medical Center, which is owned by CHA Medical Center of South Korea, paid 40 bitcoins — or about $420 per coin of the digital currency — to restore normal operations and disclosed the attack publicly. That hack was first noticed Feb. 5, and operations didn’t fully recover until 10 days later.

Hospitals are considered critical infrastructure, but unless patient data is affected, there is no requirement to disclose such hackings even if operations are disrupted.

Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.

___

Dishneau reported from Hagerstown, Maryland.

___

Follow Jack Gillum on Twitter at https://twitter.com/jackgillum

Copyright 2016 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Notable Replies

  1. If they’re caught, they should be drawn and quartered and their heads stuck on pikes.

    Hey, just be glad I didn’t tell you what I really think of hackers. I mean they are almost as bad as insurance companies!

  2. Why would anyone click any attachment that hasn’t been screened by anti viral?

    As for, I guess that rule about employees not using hospital computers for non work purposes will be getting some teeth soon.

  3. Hackers have many avenues of attack that don’t rely on e-mail attachments at all.

  4. danf says:

    The most effective hacks usually use social engineering. “Hello IT Bob? This is Director Jane. I’m on vacation but have been told that I need to remote in to finish filing our federal exemption paperwork. My account is locked because I haven’t updated my password. Can you change it to 123WXYZ? Thanks! You’re the best!” Or simply walk by one of the many publicly accessible PCs and plug in a key-logger/virus payload from a USB key. Sadly, it’s easy-peasy.

  5. paulw says:

    Hospitals and medical-device companies typically have horrible, horrible security. (Partly because doctors are too important to use real passwords or secure authentication tokens, partly because so does the rest of corporate America.)

    I want the ransomware asswipes’ heads on pikes, but I also want a random half-dozen of the top three management levels at MedStar to spend 5-10 in federal prison. Just to encourage the others.
