WASHINGTON 鈥 Officials at MedStar Health say they are close to restoring normal operations of its information technology systems after being hit with a malware attack on Monday.
In a statement on , the health care giant repeats the assertion that there鈥檚 no evidence that patient data has been compromised, adding that聽computer systems at its 10 hospitals are 90 percent back after the cyberattack.
MedStar officials have not said whether the attack is an example of , but attacks on hospitals have been reported in recent weeks. As the health care industry 鈥 and hospitals in particular 鈥 ramp up efforts to digitize records, they become attractive targets to hackers, especially those who launch ransomware attacks, The Washington Post recently reported.
Unit chief at the FBI鈥檚 cyberdivision, Jeffrey Coburn said ransomware is the term used when hackers encrypt a user鈥檚 files, then send a message demanding payment 鈥 often in the untraceable cybercurrency Bitcoin 鈥 or the user鈥檚 files will remain locked up.
In one case, a Los Angeles hospital paid $17,000. The FBI tells users not to pay the ransoms, because when you do, 鈥測ou are continuing their business model. You are encouraging them to do this fraud,鈥澛燙oburn says.
Coburn says the hackers don鈥檛 always know who they鈥檙e attacking. That could explain why the extortion attempts ask for relatively small amounts even when huge corporations are targeted.
鈥淭hey don鈥檛 necessarily always know who they are sending those ransoms to,鈥 he says. 鈥淭hey don鈥檛 know if they鈥檙e sending them to a private person or a corporation.鈥
Coburn says that鈥檚 changing.
If you鈥檙e hit by a ransomware attack, Coburn urges you to contact the FBI. But the key, as with so much cybersecurity, is prevention. First, make sure you back up your computer regularly.
鈥淭his backup should not remain connected to the computer, however, because we found that these perpetrators are actually going after those backups and deleting them, or encrypting those backups as well,鈥 Coburn says.
There are other basic cybersafety practices to make sure you keep your files from attack: Never open attachments from unsolicited emails.
Coburn says even when getting emails from people you know, be careful about opening attachments.
鈥淎lso, make sure your anti-virus software is up to date 鈥 and that鈥檚 not enough 鈥 you have to actually run anti-virus scans on your computers,鈥 he says. 鈥淎lso, make sure patches for your operating system and web browser are up to date.鈥
Finally, he said, only download software from sites you know and trust.
Below is a full statement from MedStar on Friday:
A cyberattack presented itself in MedStar Health鈥檚 IT systems early Monday morning.聽 Upon discovery, MedStar IT security experts made a courageous and mission-critical decision to bring the remainder of MedStar鈥檚 systems and connectivity down quickly.聽 This decision, in particular, has been recognized by many involved, including cybersecurity and law enforcement experts, as a critical component in the resulting recovery time.聽 Once down, MedStar and its partners began to assess the nature of the attack, alerting appropriate parties, including regulators and law enforcement.
During the down time of technology systems, MedStar stood up its Command Centers system-wide and began to coordinate with hospitals, outpatient facilities and other services within MedStar.聽 Health systems and providers are trained for events such as these, and Command Centers are standard protocol as part of a healthcare system鈥檚 Crisis Preparedness training.聽 Regular calls began and status was reported out from the technology teams on the IT systems.聽 In turn, hospitals and entities reported on their individual status.聽 At the same time, clinical care providers turned to established backup systems, including paper documentation as necessary, while cybersecurity partners and MedStar鈥檚 IT experts worked to identify the malware and create a signature file to contain it.聽 Leaders regrouped frequently throughout the days and week to keep the process moving forward.聽
Thanks to focused efforts, the three major clinical systems were brought back within 48 hours and as of Friday morning, MedStar was approaching 90 percent functionality.聽 Physicians, nurses, pharmacists, technicians, information systems experts and others were mobilized to bring the organization鈥檚 systems back online as rapidly and safely as possible.聽 With only a few exceptions, handled on a case-by-case basis, care continued throughout this situation and has been provided to thousands of patients during the past five days.
MedStar鈥檚 priority throughout this attack remains focused on providing high quality, safe care for patients and continuing to meet the care needs of the community.聽 Additionally, among its highest IT priorities was to ensure that patient and associate information remained secure and protected.聽 MedStar takes its service to the community very seriously and as such, will continue to partner with other health systems, cybersecurity experts and law enforcement officials, when appropriate, to share any and all best practices and lessons learned.聽 However, as MedStar closes in on full functionality of its systems, the focus of the organization and its leaders remains on care for our patients and ensuring that high quality, safe care is being delivered.聽
As functionality efforts continue across MedStar, we will not provide additional comments with respect to the privacy and security of our patients and their families.聽 The leadership is pleased and proud of its teams for their efforts in bringing the IT systems back to functionality. MedStar will not discuss publically any information related to the malware that affected our healthcare system except to confirm that MedStar has not paid any type of ransom.聽 Details have been provided and are being shared with law enforcement, including the Federal Bureau of Investigation.
Additional media coverage featuring criminal acts鈥攐ffenses against the public that are punishable鈥攑erpetuates the infamy of malicious attacks for airtime and publicity, even if anonymous in nature.聽 Evidence shows that copycat perpetrators and plotters look to previous examples for inspiration and operational details.聽 MedStar will not provide details publicly to the malware details, the attack or the attackers.聽 Though MedStar is not yet focused on an evaluation of the financial impact of the attack, 聽聽MedStar is a $5 billion healthcare delivery system and has remained open throughout the attack and maintained near normal volume levels, and in some cases, higher than normal volumes.聽
The Associated Press contributed to this report.
