This article is from the source 'washpo' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html

The article has changed 6 times. There is an RSS feed of changes available.

Version 0 Version 1
MedStar Health turns away patients one day after cyberattack on its computers MedStar Health turns away patients amid serious challenges after cyberattack
(about 7 hours later)
Some MedStar Health patients say they are being turned away as the health-care giant’s computer systems remain crippled by a virus that infected it Monday morning. MedStar Health patients were being turned away or treated without important computer records Tuesday as the health-care giant worked to restore online systems crippled by a virus on Monday.
Cynthia Decker, who underwent a kidney transplant late last year, had an appointment scheduled on Monday at MedStar Georgetown University Hospital, but she got a call from a nurse practitioner just before arriving at the facility. MedStar officials hoped that hundreds of thousands of patient records could be accessed again by Tuesday night, a spokeswoman said. She added that the institution’s 10 hospitals and more than 250 outpatient facilities in the Washington region were functioning safely.
“All the computers are down,” she recalled the woman telling her. “Don’t come in.” But two nurses said the cyberattack created a chaotic environment in at least one MedStar facility.
Her appointment was moved to Tuesday, but MedStar cancelled Tuesday morning. At Washington Hospital Center, one nurse who worked overnight described the situation as difficult. Without access to email and computer systems, the medical staff has fallen back on seldom-used paper records that must be faxed or hand-delivered. But this nurse and another told The Post that the paper charts are far less comprehensive than those kept in digital form. They can be missing vital pieces of patient information: complete medical histories, every drug prescribed, allergies to medicine and treatment plans.
“They’re down again,” the staff member told her at 8 a.m. Without the sophisticated computer systems, they explained, the health-care facilities are operating without a number of essential safeguards meant to prevent human error.
“We cannot function normally,” the nurse said.
[Virus infects MedStar Health system’s computers, forcing an online shutdown][Virus infects MedStar Health system’s computers, forcing an online shutdown]
MedStar officials have not responded to multiple requests for comment, but someone who works closely with the $5 billion health-care provider confirmed that the computer systems remain down and that staff has been turning patients away. MedStar spokeswoman Ann Nickels denied that the cyberattack under investigation by the FBI had made that dramatic an impact on the $5 billion health-care provider, which employs more than 30,000 people at facilities from Arlington to Baltimore.
The spouse of a man receiving cancer treatment at one MedStar facility told The Post he has been unable to receive radiation treatment for two days because of the shutdown. The spouse annoyed by MedStar’s assertion on Monday that “facilities remain open and functioning” wrote in an email that “the individuals most dependent on reliable, safe and uninterrupted treatment (i.e. cancer patients) are in fact currently not receiving at least some of those treatments.” “There’s absolutely no indication of that from clinical leaders who are reporting in several times a day,” she said. “It’s stressful, but I think we all know what we need to do.”
MedStar operates 10 hospitals and more than 250 outpatient facilities in the Washington region. It serves hundreds of thousands of patients and employs more than 30,000 people. Chief medical officer Stephen R. T. Evans said in a statement Tuesday afternoon that “the quality and safety of our patients remains our highest priority, which has not waned throughout this experience.”
MedStar officials have refused to say whether they are the target of “ransomeware” a virus that holds systems hostage until victims pay for a key to regain access and has been deployed at least three times against hospitals this year. The nurse, however, said that the challenges were serious.
MedStar staffers reported Monday seeing a pop-up on their computer screens stating that they had been infected by a virus and asking for ransom in bitcoins, an Internet currency. For example, because lab results were taking so much longer to process, the nurse continued to give one patient a powerful antibiotic with a number of potentially serious side effects that should have been discontinued.
The FBI is investigating the cyberattack, which comes just weeks after similar cyberattacks on at least three other medical institutions in California and Kentucky. “The medication,” the nurse said, “should have been stopped eight hours earlier.”
Neither MedStar nor the FBI has said how long it expects the systems to remain offline. MedStar officials stressed on Monday that they had found “no evidence that information has been stolen.” An emergency room nurse at the same hospital said ambulances continued to arrive after the shutdown on Monday afternoon, she said, despite the staff’s struggles to remain organized without their computers.
“MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization,” spokeswoman Ann Nickels said in a statement. “We are working with our IT and cyber-security partners to fully assess and address the situation.” Eventually, she said, ambulances carrying patients with non-life-threatening issues were diverted elsewhere.
Still, problems persisted throughout the evening. The nurse said she noticed a number of paper charts with pages that lacked labels containing each patient’s identifying information. Without those labels, she said, documents could be placed on the wrong chart.
“There are a lot of people who have never done paper charting before so it was a little chaotic for them,” she said. “I think the biggest fear that I had when I was working yesterday was the big opportunity for error.”
Derek Farwagi, 73, learned of the crisis Tuesday when he arrived at MedStar Georgetown University Hospital for his quarterly appointment with a kidney specialist. A doctor, he said, told him they couldn’t access his health records so his appointment had been cancelled.
“It’s nuts that they don’t have a crisis management system,” Farwagi said. “It’s absolutely irresponsible.”
The doctor also told him, he said, that “the hackers were demanding a ransom.”
Nickels said she had not been told that MedStar was the target of “ransomware” — a virus that holds systems hostage until victims pay for a key to regain access.
MedStar staffers told a colleague Monday that they’d seen a pop-up on their computer screens stating that they had been infected by a virus and asking for ransom in bitcoins, an Internet currency.
A spokesman for the FBI declined to comment on its investigation, which comes just weeks after similar cyberattacks on at least three other medical institutions in California and Kentucky. In one case last month, a hospital in Los Angeles paid hackers $17,000 in bitcoins to free its system.
In the Washington area, patients with significant medical conditions were encountering treament delays.
Cynthia Decker, who underwent a kidney transplant in December, had an appointment scheduled at MedStar Georgetown on Monday, but got a call from a nurse practitioner just before arriving at the facility.
“All the computers are down,” she recalled the nurse practitioner telling her. “Don’t come in.”
Her appointment was moved to Tuesday, but MedStar cancelled Tuesday morning.
“They’re down again,” a staffer told her at 8 a.m.
The spouse of a man receiving cancer treatment at one MedStar facility told The Post he has been unable to receive radiation treatment for two days because of the shutdown. The spouse — concerned by MedStar’s assertion on Monday that “facilities remain open and functioning” — said that “the individuals most dependent on reliable, safe and uninterrupted treatment (i.e. cancer patients) are in fact currently not receiving at least some of those treatments.”
MedStar officials acknowledged treatment delays.
On Monday, they stressed that they had found “no evidence that information has been stolen” and that they’d “acted quickly” to contain the virus by shutting down their computer systems.