MedStar Health, a Maryland-based healthcare company, was infected with a computer virus forcing the company to shut down its email and records database, leaving hospitals and thousands of employees to resort to pen and paper medical records and transactions. The nonprofit operates 10 regional hospitals in the greater Baltimore-Washington metropolitan area and is currently working with the FBI in an investigation of the Monday breach.
While Medstar said all 10 hospitals and 250 outpatient facilities in the region will remain open as no patient medical records or other information was compromised, it will be difficult to deliver the same patient care without access to patient data. In fact, some MedStar patients were turned away or were treated without important medical records on Tuesday. In an official statement, the nonprofit said, “MedStar’s highest priorities are the safety of our patients and associates and confidentiality of information. We are working with law enforcement, our IT and Cyber-security partners to fully assess and address the situation.”
Although MedStar health officials maintain that the attack did not involve ransomware, one employee sent the Washington Post an image of a ransom note demanding the company to pay 45 bitcoins – which translates to about $19,000. The note that read, “You just have 10 days to send us the Bitcoin, after 10 days we will remove your private key and it’s impossible to recover your files,” surely indicates that the attack contained some aspect of ransomware tactics. This most recent breach is just another example of how the healthcare industry is failing to keep up with cybercriminals’ constantly evolving techniques, further proving that better cybersecurity practices and cyber insurance are becoming a must-have in the healthcare industry.