Report: MedStar Health Hack Confirmed to be Ransomware Attack | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: MedStar Health Hack Confirmed to be Ransomware Attack

March 31, 2016
by Rajiv Leventhal
| Reprints

The attack of the clinical information systems of the 10-hospital, Columbia, Md.-based MedStar Health integrated health system on March 28 included a digital ransom note, according to a new report from The Baltimore Sun.

The hack, broken first by The Washington Post, forced the health system’s leaders to shut down their electronic health record (EHR) and e-mail system, marking a new watershed moment in the recent history of hacking-based EHR and clinical information system shutdowns in U.S. hospitals, as reported by Healthcare Informatics on March 28. MedStar operates 10 hospitals and more than 250 outpatient facilities in the Washington region, serving hundreds of thousands of patients while employing more than 30,000 people.

In the days following the attack, MedStar Health issued a statement that “the three main clinical information systems supporting patient care are moving to full restoration.” MedStar Health also reported on March 30 “enhanced functionality continues to be added to other systems.” At the time of the health system’s statement on Wednesday, there had been no comment from MedStar Health officials about whether the malware is in fact ransomware.

But now, The Baltimore Sun is reporting that the hackers who locked up data on MedStar's computers are indeed demanding ransom to begin unlocking it. What’s more, they're offering a bulk discount to release all of it, according to a copy of the demands obtained by The Baltimore Sun. The hackers, who have encrypted the data so MedStar users cannot retrieve it, are seeking payment in bitcoins, according to the Sun’s report.

The specifics of the deal proposed by the hackers is this: Send 3 bitcoins—$1,250 at current exchange rates—for the digital key to unlock a single infected computer, or 45 bitcoins— about $18,500—for keys to all of them, report said. It's unclear whether 45 bitcoins would unlock all data throughout MedStar, or whether each of several sections of the network would require a separate 45-bitcoin payment, according to the report, which added that the ransom note appeared when users in the MedStar system tried to open files on their computers.

A Baltimore doctor interviewed in the report, speaking on the condition of anonymity because he was not authorized to discuss the attack publicly, said it had hit every computer on the network. As such, a Fox News report on March 31 confirmed that the healthcare provider is still experiencing widespread computer outages. Many doctors and nurses throughout MedStar are still unable to enter patient data and other medical information into the network’s computer systems, according to Fox News.

Indeed, the healthcare industry is getting far too used to the term “ransomware.” Just in recent months, Los Angeles-based Hollywood Presbyterian Medical Center paid hackers $17 million to restore its clinical information systems. Last week, Methodist Hospital, based in Henderson, Kentucky, also was subject to a ransomware attack, though in that case, NBC 14 News reported that no ransom was paid by the hospital.

To this end, in a recent interview with Healthcare Informatics, Mac McMillan, CEO of the Austin, Tex.-based CynergisTek consulting firm, a well-known figure in healthcare IT, and a widely respected healthcare IT security expert, said that he doesn’t visit a hospital now that doesn’t say to him that they have had two or three ransomware attacks or incidents. “I think that the threat is going to continue to increase in the next few years in a big way,” McMillan said, adding that part of the solution would be to have a monitoring service monitoring your systems 24/7—a security operations center, or “SOC.”



AHIMA Issues Cybersecurity Plan for Healthcare Organizations

Cyber attacks against the healthcare industry are growing at an accelerated pace, and to help healthcare organizations strengthen their cybersecurity programs and defend against a cyber attack, the American Health Information Management Association (AHIMA) recently released a 17-step cybersecurity plan.

Loma Linda University Medical Center Gets HIMSS Stage 7 Designation

Loma Linda University (LLU) Medical Center and other patient care facilities linked to the health system have achieved Stage 7 designation on HIMSS Analytics’ inpatient Electronic Medical Record Adoption Model (EMRAM).

HHS OIG Report Cites Concerns with MACRA Implementation

The U.S. Department of Health and Human Services (HHS) Office of the Inspector General issued a report of its review of the Centers for Medicare & Medicaid Services’ (CMS) management of the Quality Payment Program and cited specific concerns regarding the need for more specialized technical assistance for clinicians and program integrity efforts.

Cerner Files Protest over $62M EHR Contract Awarded to Epic

Cerner Corp. has filed a protest against rival EHR vendor Epic Systems following an “unfair bidding process and a possible conflict of interest” for a recent IT implementation contract awarded by the University of Illinois (UI) medical center.

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.