Skip to content Skip to navigation

Report: MedStar Health Hack Confirmed to be Ransomware Attack

March 31, 2016
by Rajiv Leventhal
| Reprints

The attack of the clinical information systems of the 10-hospital, Columbia, Md.-based MedStar Health integrated health system on March 28 included a digital ransom note, according to a new report from The Baltimore Sun.

The hack, broken first by The Washington Post, forced the health system’s leaders to shut down their electronic health record (EHR) and e-mail system, marking a new watershed moment in the recent history of hacking-based EHR and clinical information system shutdowns in U.S. hospitals, as reported by Healthcare Informatics on March 28. MedStar operates 10 hospitals and more than 250 outpatient facilities in the Washington region, serving hundreds of thousands of patients while employing more than 30,000 people.

In the days following the attack, MedStar Health issued a statement that “the three main clinical information systems supporting patient care are moving to full restoration.” MedStar Health also reported on March 30 “enhanced functionality continues to be added to other systems.” At the time of the health system’s statement on Wednesday, there had been no comment from MedStar Health officials about whether the malware is in fact ransomware.

But now, The Baltimore Sun is reporting that the hackers who locked up data on MedStar's computers are indeed demanding ransom to begin unlocking it. What’s more, they're offering a bulk discount to release all of it, according to a copy of the demands obtained by The Baltimore Sun. The hackers, who have encrypted the data so MedStar users cannot retrieve it, are seeking payment in bitcoins, according to the Sun’s report.

The specifics of the deal proposed by the hackers is this: Send 3 bitcoins—$1,250 at current exchange rates—for the digital key to unlock a single infected computer, or 45 bitcoins— about $18,500—for keys to all of them, report said. It's unclear whether 45 bitcoins would unlock all data throughout MedStar, or whether each of several sections of the network would require a separate 45-bitcoin payment, according to the report, which added that the ransom note appeared when users in the MedStar system tried to open files on their computers.

A Baltimore doctor interviewed in the report, speaking on the condition of anonymity because he was not authorized to discuss the attack publicly, said it had hit every computer on the network. As such, a Fox News report on March 31 confirmed that the healthcare provider is still experiencing widespread computer outages. Many doctors and nurses throughout MedStar are still unable to enter patient data and other medical information into the network’s computer systems, according to Fox News.

Indeed, the healthcare industry is getting far too used to the term “ransomware.” Just in recent months, Los Angeles-based Hollywood Presbyterian Medical Center paid hackers $17 million to restore its clinical information systems. Last week, Methodist Hospital, based in Henderson, Kentucky, also was subject to a ransomware attack, though in that case, NBC 14 News reported that no ransom was paid by the hospital.

To this end, in a recent interview with Healthcare Informatics, Mac McMillan, CEO of the Austin, Tex.-based CynergisTek consulting firm, a well-known figure in healthcare IT, and a widely respected healthcare IT security expert, said that he doesn’t visit a hospital now that doesn’t say to him that they have had two or three ransomware attacks or incidents. “I think that the threat is going to continue to increase in the next few years in a big way,” McMillan said, adding that part of the solution would be to have a monitoring service monitoring your systems 24/7—a security operations center, or “SOC.”



Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.

AHRQ Developing New Patient Safety Surveillance Tool

With the aim of improving patient safety monitoring, the Agency for Healthcare Research and Quality (AHRQ) within the U.S. Department of Health and Human Services (HHS) is currently developing and testing an improved patient safety surveillance system.

Gates Foundation Awards $210M to UW's Population Health Initiative

The Bill and Melinda Gates Foundation is awarding $210 million to Seattle-based University of Washington’s Population Health Initiative, with the funds going toward the construction of a new building to serve as the initiative’s hub.

AHA Offers Interoperability Standards Recommendations to ONC

The American Hospital Association (AHA) has offered feedback to the ONC on the agency’s draft Interoperability Standards Advisory (ISA) that it issued in August.

Survey: Healthcare Orgs Not Taking Mobile Security Seriously Enough

More than half (56 percent) of healthcare professionals believe their organization could be doing more to educate employees on HIPAA compliance and the rules around sharing protected health information.

Mount Sinai’s Research Arm Using Data Analytics to Address Health Inequities

The Arnhold Institute for Global Health at the Icahn School of Medicine at Mount Sinai is partnering with DigitalGlobe to create the Health Equity Atlas Initiative (ATLAS), a platform that standardizes and maps population data in order to generate insights that address health inequities.