The FBI is investigating a computer virus that has infected the computer network of Washington, DC-area hospital system MedStar Health. Hospital administrators shut down large areas of MedStar’s online operations due to the virus, and although they acknowledged that there was a breach, they said there wasn’t any evidence that any patient information had been stolen, reports The Washington Post.
MedStar computers compromised by virus
MedStar Health is one of Washington’s biggest healthcare providers. A spokesperson for the hospital system released a statement saying that they acted quickly in taking down all interfaces to keep the computer virus from spreading throughout the system’s entire computer network. The healthcare group is working with its cyber-security and information technology partners to investigate and address the problem.
The $5 billion healthcare provider’s clinical locations are still open today, however. MedStar operates ten hospitals and more than 250 healthcare facilities in the Washington area. The healthcare system employs more than 31,000 people and serves hundreds of thousands of patients per year.
Georgetown University Hospital among those affected
According to the Associated Press, the virus infected Georgetown University Hospital’s computer system, among others. Staff members reported that they were unable to access a massive patient database or their email accounts.
An employee reportedly told The Washington Post that they couldn’t get into any part of MedStar Health’s computer system. The person also said the lowest-level staff members were unable to communicate with anyone else and that they couldn’t schedule appointments, access records or do anything at all. She said they had reverted to using paper charts so that they could continue seeing patients.
Someone who visited one of MedStar Health’s hospitals told ZDNet that staff members shut down the healthcare organization’s computers after learning that there was a computer virus. The hospital visitor said that all of the facility’s computers were shut down for over an hour and that all patient orders had been lost. The person said a lot of people were just standing around and that things got worse and worse as time dragged on.
FBI investigating MedStar Health computer virus
The FBI is investigating the virus that infected MedStar’s computer systems. The Associated Press reports that investigators are looking into whether the infection is an attempt at extortion, which was the case in two other recent cyber-attacks on healthcare facilities. In one attack involving the use of ransomware, a Los Angeles-area hospital had to shell out $17,000 worth of bitcoins last month in order to get control over its computers back from hackers. Another healthcare facility in Kentucky said two weeks ago that it faced a similar attack and placed itself in a state of emergency.
Healthcare facilities in the U.S. aren’t the only ones that have been targeted recently either. Hackers have also targeted hospitals in Australia and Europe, infecting their computer systems with ransomware and demanding huge sums of money before they would send a key to decrypt the files, which the healthcare facilities needed in order to resume normal operations.
The Baltimore Sun spoke to Ted Harrington, a cyber-security expert with Independent Security Evaluators, who said the cyber-attack endangers patients, and not just because their personal information could be stolen. Harrington’s firm recently published the findings from its two-year investigation into hospitals’ cyber-security. The firm was able to carry out a number of different attacks on medical databases and medical devices and described those attacks in its report.
How the ransomware attacks occur
Although the LA hospital that was targeted by hackers paid the ransom, the FBI does not recommend that ransom be paid. Usually hackers plan months ahead of time which organizations or businesses they will target and dive into their computer systems early. Then they map out the computer network and decide where it may be most critical to deploy the ransomware.
According to Health IT Outcomes, Henderson, Ky.-based Methodist Hospital successfully fended off the ransomware attack, which occurred on March 18, by having a backup and recovery system in place. The hospital claims it never paid the ransom demanded by the hackers and that within days of the attack, its systems were back up and running. Administrators switched operations to the backup system.
In both the Kentucky case and the case involving Hollywood Hospital in LA, the hackers used a type of ransomware called Locky, which is spread through email and then encrypts all the data on the affected system while deleting the original files.