Major US Health Organisation Systems Disrupted By Malware

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

MedStar Health has reverted to paper backup systems for the past two days following a malware attack

MedStar Health, a non-profit medical services provider in the Washington, DC area, said late on Tuesday it was working to restore “the majority” of its systems following a malware attack on Monday.

MedStar took its systems offline when the malware was discovered early on Monday morning, and they have remained offline for two days, the organisation confirmed.

Reverting to paper


In the meantime, MedStar said it is relying on backup systems including paper documentation.

“After careful assessment, MedStar is working to restore the majority of our systems today,” MedStar said in a statement on its Facebook page late on Tuesday.

The group said it is working with IT security experts and law enforcement officials, with the FBI saying on Monday it was investigating the incident.

MedStar, which operates 10 hospitals and 250 outpatient facilities in Washington, DC and Maryland, is one of the largest medical organisations to date whose functioning has been disrupted by malware.

No indication was given as to the nature of the attack, but a number of health organisations have recently been targeted by ransomware, which encrypts single or multiple systems across a network and then demands payment to unlock them.

‘Services continue’

The organisation said it is continuing to provide medical services and said continuing with elective procedures would be determined on a case-by-case basis.

At least some patients at MedStar Washington Hospital Centre were asked to reschedule non-emergency appointments, according to a Reuters report that cited an unnamed MedStar vendor.

As of midday on Tuesday staff were able to view some electronic records but new patient information was still being recorded by hand, according to the report.

The FBI recently called for emergency aid from businesses and IT security organisations in its investigation of a ransomware variant called Samas that targets health organisations and infects multiple systems across a network. Cisco’s Talos IT security group warned last week that Samas was had hit a number of companies, with many paying to unlock their systems.

Henderson, Kentucky-based Methodist Hospital last week declared a state of internal emergency after a ransomware attack last week, while the Hollywood Presbyterian Hospital in Los Angeles last month paid $17,000 (£12,010) to recover access to files encrypted in a separate incident.

Earlier this month security researchers suggested a number of ransomware attacks may have been carried out by hackers who had previously been employed by the Chinese government and were looking for new ways to make money.

Are you a security pro? Try our quiz!