Report: MedStar Health Hack Confirmed to be Ransomware Attack | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: MedStar Health Hack Confirmed to be Ransomware Attack

March 31, 2016
by Rajiv Leventhal
| Reprints

The attack of the clinical information systems of the 10-hospital, Columbia, Md.-based MedStar Health integrated health system on March 28 included a digital ransom note, according to a new report from The Baltimore Sun.

The hack, broken first by The Washington Post, forced the health system’s leaders to shut down their electronic health record (EHR) and e-mail system, marking a new watershed moment in the recent history of hacking-based EHR and clinical information system shutdowns in U.S. hospitals, as reported by Healthcare Informatics on March 28. MedStar operates 10 hospitals and more than 250 outpatient facilities in the Washington region, serving hundreds of thousands of patients while employing more than 30,000 people.

In the days following the attack, MedStar Health issued a statement that “the three main clinical information systems supporting patient care are moving to full restoration.” MedStar Health also reported on March 30 “enhanced functionality continues to be added to other systems.” At the time of the health system’s statement on Wednesday, there had been no comment from MedStar Health officials about whether the malware is in fact ransomware.

But now, The Baltimore Sun is reporting that the hackers who locked up data on MedStar's computers are indeed demanding ransom to begin unlocking it. What’s more, they're offering a bulk discount to release all of it, according to a copy of the demands obtained by The Baltimore Sun. The hackers, who have encrypted the data so MedStar users cannot retrieve it, are seeking payment in bitcoins, according to the Sun’s report.

The specifics of the deal proposed by the hackers is this: Send 3 bitcoins—$1,250 at current exchange rates—for the digital key to unlock a single infected computer, or 45 bitcoins— about $18,500—for keys to all of them, report said. It's unclear whether 45 bitcoins would unlock all data throughout MedStar, or whether each of several sections of the network would require a separate 45-bitcoin payment, according to the report, which added that the ransom note appeared when users in the MedStar system tried to open files on their computers.

A Baltimore doctor interviewed in the report, speaking on the condition of anonymity because he was not authorized to discuss the attack publicly, said it had hit every computer on the network. As such, a Fox News report on March 31 confirmed that the healthcare provider is still experiencing widespread computer outages. Many doctors and nurses throughout MedStar are still unable to enter patient data and other medical information into the network’s computer systems, according to Fox News.

Indeed, the healthcare industry is getting far too used to the term “ransomware.” Just in recent months, Los Angeles-based Hollywood Presbyterian Medical Center paid hackers $17 million to restore its clinical information systems. Last week, Methodist Hospital, based in Henderson, Kentucky, also was subject to a ransomware attack, though in that case, NBC 14 News reported that no ransom was paid by the hospital.

To this end, in a recent interview with Healthcare Informatics, Mac McMillan, CEO of the Austin, Tex.-based CynergisTek consulting firm, a well-known figure in healthcare IT, and a widely respected healthcare IT security expert, said that he doesn’t visit a hospital now that doesn’t say to him that they have had two or three ransomware attacks or incidents. “I think that the threat is going to continue to increase in the next few years in a big way,” McMillan said, adding that part of the solution would be to have a monitoring service monitoring your systems 24/7—a security operations center, or “SOC.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Geisinger, AstraZeneca Partner on Asthma App Suite

Geisinger has partnered with pharmaceutical company AstraZeneca to create a suite of products that integrate into the electronic health record and engage asthma patients and their providers in co-managing the disease.

Analysis: Healthcare Ransomware Attacks Decline in First Half of 2018

In the first half of 2018, ransomware events in major healthcare data breaches diminished substantially compared to the same time period last year, as cyber attackers move on to more profitable activities, such as cryptojacking, according to a new report form cybersecurity firm Cryptonite.

Dignity Health, UCSF Health Partner to Improve the Digital Patient Experience

Dignity Health and UCSF Health are collaborating to develop a digital engagement platform that officials believe will provide information and access to patients when and where they need it as they navigate primary and preventive care, as well as more acute or specialty care.

Report: Digital Health VC Funding Surges to Record $4.9 Billion in 2018

Global venture capital funding for digital health companies in the first half of 2018 was 22 percent higher year-over-year (YoY) with a record $4.9 billion raised in 383 deals compared to the $4 billion in 359 deals in the same time period last year, according to Mercom Capital Group’s latest report.

ONC Roundup: Senior Leadership Changes Spark Questions

The Office of the National Coordinator for Health IT (ONC) has continued to experience changes within its upper leadership, leading some folks to again ponder what the health IT agency’s role will be moving forward.

Media Report: Walmart Hires Former Humana Executive to Run Health Unit

Reigniting speculation that Walmart and insurer Humana are exploring ways to forge a closer partnership, Walmart Inc. has hired a Humana veteran to run its health care business, according to a report from Bloomberg.