Hospitals within the network of the Baltimore-Washington area’s second largest health care provider are still reeling from a cyberattack that paralyzed their email and patient record databases and systems.
Since early Monday, hackers have effectively crippled MedStar Health’s computer system with a virus, forcing the hospital chain to shut down its record systems for thousands of doctors and patients. The attack paralyzed operations, where patients were unable to book appointments and doctors’ staff were locked out of their email accounts.
Four days after, things are not yet completely back to normal.
“Our electronic medical records system is working. Individual work stations may not be working,” says MedStar spokesperson Ann Nickels in a Washington Post report last Wednesday.
In a statement, the $5 billion organization said that the three main clinical information systems backing patient care are on the way to being fully restored, and that “enhanced functionality” continues to be integrated to other systems.
The restoration depends on what system and where one works on, according to staff. Stephen Frum, who has worked with MedStar for 15 years, recalled that “everything is off” in the inpatient units he knew of.
MedStar officials assured that their current level of care approximates normal volume levels, estimating that over 6,000 patients and 782 surgeries had been attended to since the problem erupted.
Their officials refused to dub the attack as “ransomware,” which is a virus holding systems hostage until the victim pays to regain access. Employees, though, were able to obtain an image of the ransom note that demanded 45 bitcoins or around $19,000 to get a digital key releasing the missing data.
The health care industry is particularly sensitive to ransomware attacks, with the FBI probing over 2,400 complaints of attacks costing about $24.1 million in 2015.
Reuters got hold of a confidential FBI advisory sent the previous week, a warning stating “We need your help!” and pertaining to the fight against new types of ransomware known as MISL and SAMAS. These infect entire systems versus only individual ones.
The nature of the health care environment is believed to boost threats of this kind.
“[I]t’s not only the very broad technology base that they’re working with, but it’s also relatively new. And it’s an environment where they are often forced to give open access to large communities of people, some of which are health care staff, others are visitors that are involved in the entire environment they’re working in,” explains Christopher Ensey, COO of cyber security firm Dunbar to LA Post Examiner.
MedStar maintained that no patient information has been compromised in its current situation.