MedStar Health Hit by Possible Ransomware Attack

Yet another healthcare organization has apparently been hit with ransomware. MedStar Health, a large healthcare provider in Maryland and Washington D.C., was forced to disable their network this week after malware infected several systems.

MedStar operates 10 hospitals and more than 200 outpatient offices. According to a statement from MedStar, early Monday morning, their network was "affected by a virus" preventing access to their systems. For now, employees are using pen and paper to get their work done.

“MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization,” it said in a statement. “We are working with our IT and cybersecurity partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organization has moved to back-up systems [and] paper transactions where necessary.”

A hospital staffer told the Washington Post that a pop-up appeared on a computer warning of infection and demanding payment. But officially, MedStar has not confirmed a ransomware infection.

In the last few weeks, ransomware has hit a number of medical organizations including the Hollywood Presbyterian Medical Center, the Chino Valley Medical Center, the Desert Valley Hospital, and Methodist Hospital in Henderson, Ky.

“Seculert's customers in the healthcare segment have told us repeatedly that ransomware is a major concern for them given the nature of the data they manage,” said Richard Greene, Seculert CEO, via email. “Losing access to it can be more than an annoyance, it can actually affect the speed and quality of care they are able to provide.”

Greene noted that the ultimate doomsday scenario has yet to happen—but that IT should be aware of it.

“Their biggest worry is getting attacked by ransomware with the ability to jump from an endpoint to a backup repository,” he said. “Then they’d be truly vulnerable. We haven’t seen this type of attack yet, but the sophisticated providers recognize it’s only a matter of time before they do see this kind of attack. So, they believe that it’s critical to have effective prevention and detection solutions in place before that happens.”
