This article is from the source 'washpo' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.washingtonpost.com/local/likely-ransomware-cyberattack-still-crippling-medstar-health-computers-at-some-hospitals/2016/03/30/a82c9fa8-f687-11e5-8b23-538270a1ca31_story.html

The article has changed 5 times. There is an RSS feed of changes available.

Version 3 Version 4
Likely ransomware cyberattack still crippling MedStar Health computers at some hospitals Possible ‘ransomware’ attack still crippling some MedStar hospitals’ computers
(35 minutes later)
Hospitals throughout MedStar Health’s network of facilities continued to face problems with their online systems Wednesday, two days after a cyberattack crippled the health-care giant’s email and patient records databases. Hospitals throughout MedStar Health’s network continued to face problems with their online systems Wednesday, two days after a cyberattack crippled the health-care giant’s email and patient records databases.
“Our electronic medical records system is working,” spokeswoman Ann Nickels said. “Individual work stations may not be working.”“Our electronic medical records system is working,” spokeswoman Ann Nickels said. “Individual work stations may not be working.”
MedStar also issued a statement Wednesday saying that “the three main clinical information systems supporting patient care are moving to full restoration, and enhanced functionality continues to be added to other systems.”MedStar also issued a statement Wednesday saying that “the three main clinical information systems supporting patient care are moving to full restoration, and enhanced functionality continues to be added to other systems.”
What systems worked and where, however, was inconsistent, according to staff reached by The Post. But what systems worked and where varied, according to staffers reached by The Washington Post.
“In the in-patient units that I’m aware of, everything is off. The computers are off,” said Stephen Frum, a labor representative for National Nurses United who has worked closely with MedStar for 15 years. “The system may be working, but if no one can access it, what use is that?” “In the inpatient units that I’m aware of, everything is off. The computers are off,” said Stephen Frum, a labor representative for National Nurses United who has worked closely with MedStar for 15 years. “The system may be working, but if no one can access it, what use is that?”
The $5 billion health-care provider, which operates 10 hospitals and more than 250 outpatient facilities in the Washington region, has contended with the crisis since early Monday, frustrating both patients and staff members who asserted that the problems have been worse than MedStar has acknowledged. The $5 billion health-care provider, which operates 10 hospitals and more than 250 outpatient medical centers in the Washington region, has contended with the crisis since early Monday, frustrating patients and staff members, some of whom asserted that the problems have been worse than MedStar has acknowledged.
On Wednesday morning, The Post surveyed emergency departments at nine MedStar hospitals, and staff at four of them — including Georgetown University Hospital and Good Samaritan Hospital in Baltimore — said their computers remained offline. Two hospitals refused to say. The rest indicated that some systems and computers worked while others didn’t. On Wednesday morning, The Post surveyed emergency departments at nine MedStar hospitals, and staff members at four of them — including Georgetown University Hospital and Good Samaritan Hospital in Baltimore — said their computers remained offline. Staffers at two hospitals declined to comment on the state of their computer systems. The rest indicated that some systems and computers were working.
A psychologist who works in an outpatient facility in the District said staff in her office were able to access the primary medical records database, but still had to fax prescriptions. At MedStar Washington Hospital Center, an emergency room nurse said that by Wednesday afternoon her department was “almost fully functional,” but other floors “still have no access to any systems.” A psychologist who works in an outpatient medical center in the District said staffers in her office were able to access the primary medical records database but still had to fax prescriptions.
Still, MedStar officials said that they had “continued to provide care approximating our normal volume levels,” according to a press release Wednesday afternoon. They estimated that the system’s medical personnel had seen more than 6,000 patients and performed 782 surgeries since Monday. At MedStar Washington Hospital Center, an emergency-room nurse said that by Wednesday afternoon, her department was “almost fully functional” but that other floors “still have no access to any systems.”
Still, MedStar officials said they had “continued to provide care approximating our normal volume levels,” according to a news release Wednesday afternoon. MedStar officials estimated that the system’s medical personnel had seen more than 6,000 patients and performed 782 surgeries since Monday.
[MedStar Health turns away patients after likely ‘ransomware’ cyberattack][MedStar Health turns away patients after likely ‘ransomware’ cyberattack]
MedStar officials have refused to characterize Monday’s cyberattack as “ransomware,” a virus that holds systems hostage until victims pay for a key to regain access. But a number of employees reported seeing a pop-up on their computer screens seeking payment in bitcoins, an Internet currency. One woman who works at MedStar Southern Maryland Hospital Center sent The Post an image of the ransom note, which demanded that the organization pay 45 bitcoins — equivalent to about $19,000 — in exchange for the digital key that would release the data. Officials in the hospital network have refused to characterize Monday’s cyberattack as “ransomware,” a virus that holds systems hostage until victims pay for a key to regain access. But a number of employees reported seeing a pop-up on their computer screens seeking payment in bitcoins, an Internet currency. One woman who works at MedStar Southern Maryland Hospital Center sent The Post an image of the ransom note, which demanded that the organization pay 45 bitcoins — equivalent to about $19,000 — in exchange for a digital key that would release the inaccessible data.
“You just have 10 days to send us the Bitcoin,” the note read, “after 10 days we will remove your private key and it’s impossible to recover your files.” “You just have 10 days to send us the Bitcoin,” the note read. “After 10 days we will remove your private key and it’s impossible to recover your files.”
The cyberattack is being investigated by the FBI just weeks after similar viruses infected other hospitals in Kentucky and California. The cyberattack is being investigated by the FBI just weeks after similar episodes at hospitals in Kentucky and California.
The health-care industry is considered particularly vulnerable to ransomware attacks, but they are on the rise everywhere as more victims pay up. In a nine-month period in 2014, the FBI investigated 1,838 complaints of such attacks, which cost those targeted more than $23.7 million. In 2015, agents investigated 2,453 complaints, costing targets $24.1 million. The health-care industry is considered particularly vulnerable to ransomware attacks, but such incursions are on the rise everywhere as more victims pay. In a nine-month period in 2014, the FBI investigated 1,838 complaints of such attacks, which cost those targeted more than $23.7 million. In 2015, agents investigated 2,453 complaints in attacks that cost targets $24.1 million.
[These hackers can hold a town hostage. And they want ransom in bitcoin.] [These hackers can hold a town hostage. And they want ransom paid in bitcoin.]
On Tuesday, Nickels said that MedStar’s facilities, which stretch from Arlington to Baltimore, have operated safely throughout the crisis. On Tuesday, Nickels said that MedStar’s facilities, which stretch between Arlington and Baltimore, have operated safely throughout the crisis.
But some patients had their appointments cancelled on Monday and Tuesday, and two nurses and a doctor described serious challenges treating patients without access to sophisticated computer systems and records. But some patients’ appointments were cancelled Monday and Tuesday, and two nurses and a doctor described serious challenges treating patients without having access to sophisticated computer systems and records.
Medical staff were forced to rely on seldom-used paper records that had to be faxed or hand-delivered. Paper charts are far less comprehensive than those kept in digital form. They can be missing vital pieces of patient information: complete medical histories, every drug prescribed, allergies to medicine and treatment plans. Medical staffers turned to seldom-used paper records that had to be faxed or hand-delivered. Paper charts are far less comprehensive than digital records. They can be missing vital pieces of patient information such as medical histories, drugs prescribed, allergies to medicines and treatment plans.
“It’s really a very difficult situation to deal with,” said one doctor who works for MedStar at a Disrict location. “It’s a serious warning to other health-care systems.” “It’s really a very difficult situation to deal with,” said a doctor who works for MedStar at a District location. “It’s a serious warning to other health-care systems.”