MedStar Health Infected with Ransomware

Healthcare provider MedStar Health disabled its network on Monday, March 28 in response to a ransomware attack, CSO Online reports.

“Even the lowest-level staff can’t communicate with anyone,” one employee told the Washington Post at the time. “You can’t schedule patients, you can’t access records, you can’t do anything.”

The following day, MedStar stated, “Significant progress is being made toward restoring functionality of MedStar Health’s IT system, which was affected by malware early Monday morning. At the early signs of an issue, our team quickly made a decision to take down all of our systems as a precaution and to ensure no further corruption.”

“We are using backup systems, including paper documentation — a process used before the advancements of technology — where necessary, and as an additional layer of support to our clinical operations,” the organization added.

On the morning of Wednesday, March 30, MedStar stated, “Within 48 hours of the malware attack on MedStar Health’s information system, the three main clinical information systems supporting patient care are moving to full restoration, and enhanced functionality continues to be added to other systems. We are pleased that our analysis continues to show no patient or associate data have been compromised.”

“Our remarkable team of physicians, nurses and associates have been dedicated to maintaining high quality care for all our patients despite the disruption caused by the malware attackers,” company chief medical officer Stephen R.T. Evans, MD, said in a statement. “The disruption to our systems has not impacted our ability to provide quality care to our patients, and we regret any inconveniences to our patients and the extra challenges to our associates that the perpetrators of this attack have caused.”

Qualys CTO Wolfgang Kandek told eSecurity Planet by email that ransomware is quickly becoming a significant threat to the availability of the IT infrastructure of all organizations, regardless of industry or size. “In order to minimize the susceptibility to ransomware, IT managers need to harden their users’ workstations as these are the main targets of the attacks,” he said.

Ransomware, Kandek said, generally gets onto a user’s system by exploiting vulnerabilities and configuration flaws. “Both cases are relatively easy to address, vulnerabilities through patching and configuration flaws through setup changes,” he said. “An accurate inventory of the hardware and software deployed and its current configuration settings are vital to close down the most active attack vectors.”

According to the results of a recent survey of 275 IT consultants and security experts, commissioned by Intermedia and executed by Researchscape International, 43 percent of IT consultants have seen their customers fall victim to ransomware, and 59 percent of respondents expect the number of ransomware attacks to increase this year.

Seventy-two percent of businesses infected with ransomware were unable to access their data for at least two days following the infection, and 32 percent lost access for five days or more.

“In the age of ransomware, what matters is how quickly employees are able to get back to work,” Intermedia senior vice president of security products Richard Walters said in a statement. “Traditional backup and file sharing solutions are increasingly inadequate when it comes to addressing this growing concern, putting businesses at risk.”

Recent eSecurity Planet articles have examined the growing threat of ransomware and offered advice on providing user security training.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
