A Washington D.C. area chain of hospitals is the latest medical institution to have its systems compromised by anonymous hackers.
The FBI is investigating a Monday cyberattack that took the records systems offline at MedStar Health Inc. Local TV station WTOP reported the chain's hospitals were using pen and paper backup systems.
“We can’t do anything at all. There’s only one system we use, and now it’s just paper,” a Medstar employee speaking on condition of anonymity told WTOP.
One doctor at MedStar Georgetown University Hospital told ABC News the outage included electronic medical records, scheduling computers, Internet, and email.
Medstar operates at least 10 hospitals in the Washington D.C. metro area, and was listed by The Washington Post in 2011 as having the most local employees in the D.C. area.
A company spokesperson would not provide additional information on the nature attack, such as whether hackers demanded a ransom, and said that patient care had not been affected.
An FBI spokesperson said they were aware of the attack and were actively investigating.
The Medstar outage comes a month after a Los Angeles hospital paid a 40 Bitcoin ransom (about $17,000) to remove malware from its systems. Hollywood Presbyterian Medical Center's attack was highly publicized, but there have been other less-publicized recent cyberattacks on hospitals including:
- Two other Los Angeles hospitals were attacked last week. A spokesman for Prime Healthcare, which operates the hospitals, said no ransom was paid and no data was compromised.
- Methodist Hospital in Henderson, Ky, said it was briefly infected with ransomware earlier in the month, but that it was able to contain its spread without paying a ransom.
- Ottawa Hospital had a similar experience earlier in the month of being infected with ransomware, but being able to isolate and wipe out the infection.
- A hospital in Iowa City, Iowa, was less lucky, reporting yesterday that about 15,000 patients records had been compromised by a virus designed to capture personal data.
That's just for March 2016 and the month isn't even over yet.
Even though most of these attacks turn out to cause little ongoing damage, it's clear that the digital defenses of medical institutions are being probed for weaknesses. Maybe now's a good time for hospital administrators to go hire that extra infosec specialist.