Ransomware Attack Shuts Down MedStar Washington Hospital

The Washington Post reported that a ransomware infection penetrated the computer network of MedStar Health early Monday morning, forcing the Washington health care behemoth to shut down its email and vast records database.

Hospitals are under full attack by criminal hackers, and the FBI is investigating the infection, which is similar to those at several other hospitals in California and Kentucky. In one case last month, a hospital in Los Angeles paid hackers $17,000 in bitcoins, an internet currency, to free its system. Forbes identified that strain of ransomware as “Locky”, a reference to the virtual lock the virus places on data.

Ransomware infections often cost more than the ransom itself, because the downtime is considerable. Consider MedStar, which operates 10 hospitals and more than 250 outpatient facilities in the Washington region. It serves hundreds of thousands of patients and employs more than 30,000 people.

“Even the lowest level staff can’t communicate with anyone. You can’t schedule patients, you can’t access records, you can’t do anything,” said one employee who asked that her name not be used because she wasn’t authorized to speak about the incident. Hospitals cannot afford to be shut down for any length of time. Without access to medical records, providing treatment to patients is risky at best. 

The woman said she spoke to two other employees who saw a pop-up on their computer screens stating that they had been infected by a virus and asking for ransom in “some kind of internet currency.” She had not seen the pop-up herself.

The Washington Post said: "Medical facilities are vulnerable to these attacks in part because they don’t properly train their employees on how to avoid being hacked, according to Sinan Eren, who has worked in cyber-security for government and health care organizations for two decades. 'It’s not like the financial services industry, where they train employees how to spot suspicious emails,' said Eren, general manager at Avast Mobile Enterprise."

ABC Action News recently interviewed our founder and CEO Stu Sjouwerman about the rising ransomware threat in the health care industry. “This is scary. This is why we do what we do,” said Sjouwerman.

“They hack into your network, they own your network, they delete your backups, and then they infect your files,” Sjouwerman said. 

The healthcare industry is now, in fact, the most targeted by attackers, according to a new report.

Special Agent Chris Stangl, a section chief at the FBI’s cyber division, said in a recent interview that ransomware attacks are becoming increasingly prevalent as more and more victims pay up. "The hackers 'scan the internet for companies that post their contact information,' then send them email phishing attacks."

It just takes one employee clicking on a phishing link to infect an entire network and encrypt every file that that one employee has access to. That's exactly what happened when hackers were able to lock DC doctors and nurses out of thousands of patient records.

“We are working with our IT and Cyber-security partners to fully assess and address the situation,” MedStar said in a statement. “The organization has moved to back-up systems, paper transactions where necessary,” the company said.

MedStar said that there is no evidence of compromised patient medical records or information and that all facilities remained open, despite the entire computer system being shut down.

The U.S. Department of Health and Human Services is required to post a list of breaches of unsecured protected health information affecting 500 or more individuals. As of today there have been 143 incidents in 2016 (updated 7.11.16, up from 49 in March!). 42 of those breaches were related to hacking incidents, as reported by the agency.

Always think before you click. Do not open attachments from unknown senders. If an e-mail sounds shady or too good to be true, it probably is, and whatever you do, do not open it. Back up your computer and files weekly at the very minimum, or daily if you keep important files on it. Sjouwerman said to use an external hard drive to back up your files, then remove the hard drive so an attack will not affect your backup. Regular external backups can save you from having to pay ransom should the worst-case scenario ever happen.


Again, it is clear this ransomware infection was caused by employees who were socially engineered and did not get effective security awareness training.