One of the largest hospital chains in Washington was affected by a virus and shuttered computers for patients and medical staff, forcing the hospital to revert to the paper system.
The attack which affected the MedStar Health Inc., forced records systems offline, prevented patients from booking appointments and also left staff unable to check email messages and look up phone numbers. The FBI confirmed that they were investigating the matter.
This incident is one of a few against US medical providers. Another case was in California, where the hospital had to pay ransom using Bitcoin currency to free its affected systems. An anonymous FBI official said they were assessing whether the same thing happened at MedStar also.
MedStar staff was using papers and one employee who spoke on condition of anonymity said, “We can’t do anything at all. There’s only one system we use, and now it’s just paper.
The attack seemed to be easing on Monday, with one Georgetown University Hospital employee saying that some managers changed their shifts to come in early and leave late to accommodate the disruptions caused.
MedStar is based in Washington and Maryland, operating ten hospitals including the Georgetown Hospital, in these areas. It has 30,000 employees on its payroll and another 6,000 affiliated physicians.
A spokeswoman for the company, Ann Nickels, said they could not say whether it was a ransomware attack or not. When asked whether there had been any ransom demanded, she said, “I don’t have an answer to that,” and gave reference to the company’s statement. She also said the patient care had not been affected, and hospitals were still functioning after they had shifted to a paper backup system.
Medical director at Maryland’s emergency medical services network, Dr. Richard Alcorta, suspects that it was a ransomware attack and was probably based on multiple ransomware attempts on the numerous individual hospitals in the Washington State. He also said he was unaware of any ransoms paid by Maryland hospitals. “People view this, I think as a form of terrorism and are attempting to extort money by attempting to infect them with this type of virus,” he says.
Monday’s hacking at MedStar comes one month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system, which hackers had seized with ransomware using an infected email attachment. Hospitals are considered critical infrastructure, so hackers see them as an easy target.