Second U.S. hospital in as many months becomes victim of malware attack

By Canadian Underwriter | March 31, 2016 | Last updated on October 30, 2024
2 min read

Just over one month after the president and CEO of a hospital in Los Angeles admitted to paying about US$17,000 to hackers following a ransomware attack, another hospital in the United States has become victim of a malware attack.

iStock_000084923049_MediumOn Tuesday, Columbia, MD-based MedStar Health reported in a statement that its IT system “was affected by malware early Monday morning.” At the early signs of an issue, IT staff made the decision to take down all systems as a precaution and to “ensure no further corruption,” MedStar Health said in a statement.

After a careful assessment and testing overnight Monday, the company was working to restore the majority of IT systems in its healthcare facilities, using backup systems – including paper documentation – where necessary and as an additional layer of support to clinical operations, the statement said.

“We have no evidence that patient information has been compromised or stolen in any way,” MedStar Health said, adding that “patient information will not be added to any system without ensuring it is completely free of any and all viruses and security threats.”

In a separate media release issued on Wednesday, MedStar Health said that 48 hours after the malware attack, the “three main clinical information systems supporting patient care are moving to full restoration, and enhanced functionality continues to be added to other systems. We are pleased that our analysis continues to show no patient or associate data have been compromised.”

Systems that enable patients to make medical appointments are also moving toward full restoration, which will reduce the disruption in the appointment setting experience, the release said.

“Our remarkable team of physicians, nurses and associates have been dedicated to maintaining high quality care for all our patients despite the disruption caused by the malware attackers,” said Stephen R.T. Evans, MD, chief medical officer of MedStar Health. “The disruption to our systems has not impacted our ability to provide quality care to our patients, and we regret any inconveniences to our patients and the extra challenges to our associates that the perpetrators of this attack have caused.”

On Feb. 17, Allen Stefanek, president and CEO of the Hollywood Presbyterian Medical Center, reported that the hospital paid 40 bitcoins, equivalent to approximately US$17,000, to hackers following a ransomware attack. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Stefanek said at the time. “In the best interest of restoring normal operations, we did this.”

Canadian Underwriter