- The health IT systems at MedStar Health are not completely back online following the EHR downtime caused by a ransomware attack earlier this week, the health system has revealed.
In a series of official updates on its website, the health system remains adamant that its decision to pull its health IT systems offline have not had a negative impact on patient privacy and safety.
On Monday, MedStar Health issued a statement in which it described its work to restore full EHR system functionality as making "significant progress."
"After a careful assessment and testing overnight, we are working to restore the majority of our IT systems today," the statement read. "We are using backup systems, including paper documentation — a process used before the advancements of technology — where necessary, and as an additional layer of support to our clinical operations. We will continue to partner with experts in the field of IT and cybersecurity, as well as law enforcement, to continually assess the situation as we safely restore functionality."
The system in question is Cerner EHR technology. As a spokesperson for the EHR vendor explained, the decision to take the system offline was a preventive measure to prevent unauthorized access to protected health information.
"While all systems were taken offline as a precaution, Cerner solutions — including the MedConnect EHR system — were not penetrated. The MedConnect system is now online at limited facilities, and we continue to work closely with our client as the broader IT framework is brought back online," the spokesperson told EHRIntelligence.com.
The head of MedStar Health praised the effort of its clinical and IT staff for its handling of the EHR downtime and also lamented the decision by hackers to target patients and adversely affect their care.
“The attempt to negatively impact an institution designed to save lives and care for those in need is a sad and troublesome reality of our times, not only for MedStar Health, but for our entire industry and the communities we serve,” President & CEO Kenneth A. Samet, FACHE, said in an official statement. “Fortunately, thanks to the expertise and dedication of our clinical and IT teams, we are addressing the current issue in an expeditious and thoughtful manner, never losing sight of our responsibility to our patients.”
In subsequent updates on Tuesday, the health system shared more details of its progress to completely restore its health information system:
Within 48 hours of the malware attack on MedStar Health's information system, the three main clinical information systems supporting patient care are moving to full restoration, and enhanced functionality continues to be added to other systems. We are pleased that our analysis continues to show no patient or associate data have been compromised. MedStar's IT team and cybersecurity experts have worked around the clock to protect the integrity of our clinical data systems, and to restore operations. Restoration of additional clinical systems continues with priority given to those related directly to patient care.
Included in the work was the scheduling system, which was also approaching full restoration as of yesterday morning.
The most recent statement from MedStar Health appear yesterday afternoon detailed how the health system has managed to provide care while addressing the EHR downtime caused by malware. "Our focus throughout has been on providing high quality, safe patient care and meeting the needs of our communities. Since Monday morning, we have seen more than 6,000 patients in our hospitals and ambulatory centers," stated the update.
The health system's CMO was steadfast in his remarks that staff have maintained a high level of patient safety throughout.
“The disruption to our systems has not impacted our ability to provide quality care to our patients, and we regret any inconveniences to our patients and the extra challenges to our associates that the perpetrators of this attack have caused," Stephen R.T. Evans, MD, asserted.
On Monday, The Washington Post reported that MedStar Health was turning away patients as a result of the ransomware cyberattack, but none of the recent updates indicates this to still be the case. A report in The Baltimore Sun claims that hackers are offering a bulk discount to release the data they have alledgely stolen.