
A strain of ransomware has infected the computer systems of MedStar Health, a healthcare provider that operates ten hospitals across the Washington DC and Baltimore region.

The attack has resulted in the organisation taking an extreme measure to stop the infection from spreading further: it has shut down large portions of its network.

As The Washington Post reports, the malware is thought to have been discovered early on Monday morning, and some staff have claimed that they saw ransom demands pop up on infected PCs’ screens, demanding payment in “some kind of internet currency”.

In a Facebook post, MedStar Health issued a statement confirming it had fallen victim, and that users had experienced problems accessing their computers.

MedStar statement on Facebook

Early this morning, MedStar Health’s IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and Cyber-security partners to fully assess and address the situation.

Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organization has moved to back-up systems paper transactions where necessary.

In all likelihood, the attack was not specifically targeted at MedStar Health and the healthcare provider has simply found itself the unfortunate latest victim of a seemingly ever-increasing wave of ransomware, extorting money from individuals and businesses in exchange for the decryption of their critical files.

However, that is not much consolation for those who work at affected hospitals and outpatient facilities, of course, as they struggle to handle their workloads without access to computer systems and rely upon rarely-needed paper records instead. And that’s before you consider the impact this might have on those requiring medical assistance as well.

The FBI says it is investigating the attack and, if it manages to identify those responsible, is unlikely to look kindly on the extortionists who have put the lives of innocent people at risk.

The temporary shutdown of MedStar Health’s computer systems is not, of course, a decision that it will have taken lightly. It will understand the impact and inconvenience that it will cause its staff, partners and patients. But realising that other hospitals have had to pay thousands of dollars to extortionists for the safe recovery of encrypted data, the organisation will be keen to do all that it can to limit the scale of the infection.

In other words, it’s better to be safe than sorry.

Let’s hope that MedStar Health has contained the infection and is able to recover promptly – hopefully without having to pay any ransom. We can only hope that secure backups of encrypted data have been maintained, or that the forensics experts identify the strain of ransomware quickly and find it to be a variant for which a decryption tool has already been produced.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.