“Our team quickly made a decision to take down all of our systems as a precaution and to ensure no further corruption,” says an official statement. The incident happened just one week after Hollywood Presbyterian Medical Center in California had its entire network shut down by ransomware.
Hollywood Presbyterian ultimately paid off the ransomware to the tune of $17,000; MedStar Health isn’t confirming or denying that they paid anyone off, only pointing to the statement on their website.
“We are working with our IT and Cybersecurity partners to fully assess and address the situation,” the hospital said in a statement. Also involved is the FBI, which is reportedly investigating the situation.
Networks temporarily shut down to prevent virus spread. We have no evidence of compromised information. All facilities remain open.
— MedStar Health (@MedStarHealth) March 28, 2016
There is no evidence that any personal information has been stolen, according MedStar’s statement.
The healthcare industry is a particularly attractive target for hackers and malware makers, if also a reprehensible one for them to select. Hospitals and insurance companies store a ton of personal information about patients, which is useful in the black market. Tight budgets, meanwhile, mean cyber-security isn’t always a top priority.
The last few months have seen hospitals targeted in a wide range of attacks, from Hollywood to Kentucky and even to attacks on medical devices themselves. It’s an unfortunate reality.
“The attempt to negatively impact an institution designed to save lives and care for those in need is a sad and troublesome reality of our times, not only for MedStar Health, but for our entire industry and the communities we serve,” said Kenneth A. Samet, president and CEO of MedStar Health.
He’s right, but it’s also true that healthcare companies need to do more to lock down their networks for the 21st century. Sad and troublesome as it might be, it’s necessary.
