UPDATE: Cerner Corporation has commented on the ransomware attack.
Many providers in the Capital Beltway found themselves working with paper records as a result of EHR downtime caused by a ransomware virus on the MedStar Health network, according to multiple reports.
The operator of ten hospitals in Maryland and Washington, DC, with 30,000 staff and 6,000 physicians began experiencing problems on Monday morning, the Associated Press reports.
Baltimore's Good Samaritan Hospital was the first to request the diversion of emergency medical services from its facilities. Similar requests from Union Memorial also in Baltimore followed soon thereafter. The eventual use of backup systems was enough to remove those diversions.
According to The Washington Post, MedStar Health officials were forced to take the hospital's email and EHR systems offline to prevent a virus from spreading throughout its network. The report indicates that the Federal Bureau of Investigation has launched an investigation into the cause of the breach although all reports specify that the integrity of protected health information remains unaffected. The hackers are still at large.
“Even the lowest-level staff can’t communicate with anyone. You can’t schedule patients, you can’t access records, you can’t do anything,” an unnamed MedStar Health employee told the news outlet.
Reportedly, several employees received a pop-up message requesting ransom in the form of Bitcoin to prevent the spread of the virus. Staff were forced to shut down their machines entirely and providers were forced on to paper records.
According to Definitive Healthcare, MedStar Health providers use Cerner EHR technology. A spokeperson from the EHR company provided an official statement noting that the MedStar Health EHR system was not accessed in the attack:
While all systems were taken offline as a precaution, Cerner solutions — including the MedConnect EHR system — were not penetrated. The MedConnect system is now online at limited facilities, and we continue to work closely with our client as the broader IT framework is brought back online.
The health system took to social media to alert patients to situation, posting the following message to its Facebook page:
Early this morning, MedStar Health's IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and Cyber-security partners to fully assess and address the situation.
Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organization has moved to back-up systems paper transactions where necessary.
And a similar one to Twitter:
Networks temporarily shut down to prevent virus spread. We have no evidence of compromised information. All facilities remain open.
— MedStar Health (@MedStarHealth) March 28, 2016
Just last month, Hollywood Presbyterian Medical Center agreed to pay $17,000 to resolve a ransomware attack that encrypted its EHR data until the demanded the sum of money for an encryption key was met. HPMC discovered the attack on February 5 when reports about issues accessing the hospital network began to emerge, eventually determining malware to be the cause. Ten days later, the hospital EHR system was back online and purged of malware.
The Institute for Critical Infrastructure Technology (ICIT), which dubbed 2016 "the year of ransomware," describes ransomware attacks as the latest attempt to take advantage of the human element.
“Ransomware is less about technological sophistication and more about exploitation of the human element. Simply, it is a digital spin on a centuries old criminal tactic, ” the group said in a recent report.
“Ransomware criminals concern themselves with what they can disrupt,” it continued. “Business operations grind to a halt until the system is restored or replaced. Moreover, unlike traditional malware actors, ransomware criminals can achieve some profit from targeting any system: mobile devices, personal computers, industrial control systems, refrigerators, portable hard drives, etc.”
The EHR downtime caused by the MedStar Health attack highlights the necessity for providers to maintain backup records, a requirement for maintaining HIPAA compliance. Fortunately for MedStar Health patients, the health system had the right plans in place to handle the situation.