Report: MedStar Health Hack Confirmed to be Ransomware Attack | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: MedStar Health Hack Confirmed to be Ransomware Attack

March 31, 2016
by Rajiv Leventhal
| Reprints

The attack of the clinical information systems of the 10-hospital, Columbia, Md.-based MedStar Health integrated health system on March 28 included a digital ransom note, according to a new report from The Baltimore Sun.

The hack, broken first by The Washington Post, forced the health system’s leaders to shut down their electronic health record (EHR) and e-mail system, marking a new watershed moment in the recent history of hacking-based EHR and clinical information system shutdowns in U.S. hospitals, as reported by Healthcare Informatics on March 28. MedStar operates 10 hospitals and more than 250 outpatient facilities in the Washington region, serving hundreds of thousands of patients while employing more than 30,000 people.

In the days following the attack, MedStar Health issued a statement that “the three main clinical information systems supporting patient care are moving to full restoration.” MedStar Health also reported on March 30 “enhanced functionality continues to be added to other systems.” At the time of the health system’s statement on Wednesday, there had been no comment from MedStar Health officials about whether the malware is in fact ransomware.

But now, The Baltimore Sun is reporting that the hackers who locked up data on MedStar's computers are indeed demanding ransom to begin unlocking it. What’s more, they're offering a bulk discount to release all of it, according to a copy of the demands obtained by The Baltimore Sun. The hackers, who have encrypted the data so MedStar users cannot retrieve it, are seeking payment in bitcoins, according to the Sun’s report.

The specifics of the deal proposed by the hackers is this: Send 3 bitcoins—$1,250 at current exchange rates—for the digital key to unlock a single infected computer, or 45 bitcoins— about $18,500—for keys to all of them, report said. It's unclear whether 45 bitcoins would unlock all data throughout MedStar, or whether each of several sections of the network would require a separate 45-bitcoin payment, according to the report, which added that the ransom note appeared when users in the MedStar system tried to open files on their computers.

A Baltimore doctor interviewed in the report, speaking on the condition of anonymity because he was not authorized to discuss the attack publicly, said it had hit every computer on the network. As such, a Fox News report on March 31 confirmed that the healthcare provider is still experiencing widespread computer outages. Many doctors and nurses throughout MedStar are still unable to enter patient data and other medical information into the network’s computer systems, according to Fox News.

Indeed, the healthcare industry is getting far too used to the term “ransomware.” Just in recent months, Los Angeles-based Hollywood Presbyterian Medical Center paid hackers $17 million to restore its clinical information systems. Last week, Methodist Hospital, based in Henderson, Kentucky, also was subject to a ransomware attack, though in that case, NBC 14 News reported that no ransom was paid by the hospital.

To this end, in a recent interview with Healthcare Informatics, Mac McMillan, CEO of the Austin, Tex.-based CynergisTek consulting firm, a well-known figure in healthcare IT, and a widely respected healthcare IT security expert, said that he doesn’t visit a hospital now that doesn’t say to him that they have had two or three ransomware attacks or incidents. “I think that the threat is going to continue to increase in the next few years in a big way,” McMillan said, adding that part of the solution would be to have a monitoring service monitoring your systems 24/7—a security operations center, or “SOC.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.