MedStar Health forced to turn patients away after virus attack
Despite reportedly quick response to malware that locked out IT systems users, health network had to deny some patients access while recovering.
MedStar Health was forced to turn some patients away on Tuesday as it recovered from a computer virus.
The healthcare provider said Tuesday that it was making progress toward restoring functionality of its computers, which were taken down after being hit by malware early Monday morning. MedStar then took those IT systems offline to avoid further corrupting its network infrastructure.
"With a few unique exceptions, all of our doors remain open," MedStar explained in a statement, while several reports said patients were denies access to the hospital and sent elsewhere. "The safety of patients and associates and the privacy of their information is our utmost concern."
[Also: MedStar Health hacked, computer virus locks out employees at Georgetown University Hospital]
Officials said they have not encountered evidence that patient data has been either stolen or compromised and that MedStar employees will refrain from adding any new data to systems without first determining that those computers are clean.
The attack, currently under investigation by the FBI, forced MedStar's 10 hospitals and more than 250 outpatient centers to shut down their computers and email on Monday.
The provider said staffers were working Tuesday to restore the majority of IT machines. They are using backup systems, including paper documentation, where necessary, and as an additional layer of support to clinical operations.
[Also: Experts: Data, devices, employees pose biggest challenges to hospital cybersecurity]
Several reports described the attack as ransomware, malicious code deployed to hold systems hostage until victims pay for a key to regain access. While neither the FBI nor MedStar have confirmed that the code is in fact ransomware, that style of attack has spiked in recent weeks with instances at Chino Valley Medical Center and its sister site Desert Valley Medical Center in California, Methodist Hospital in Kentucky and, prior to those, Hollywood Presbyterian was forced to pay cybercriminals $17,000 in Bitcoin in mid-February.
Twitter: @HC_Finance