In the last couple of weeks, numerous large health organizations, including hospitals, have been the target of malware attacks. Last night, MedStar, which operates ten hospitals in Washington, D.C. and Maryland was hit with malware and had to take all of their computer systems, including every station in every hospital offline. MedStar, which employs about 30,000 staff and has about 6,000 affiliated physicians, had to resort back to paper orders. The FBI has not confirmed what type of malware has infected MedStar’s systems, but it has caused serious issues, including diverting of patients to other hospitals. While healthcare systems are still prime targets for hackers, in view of all of the personal information required in today’s modern medical system, there has been a recent rise in ransomware attacks that lock the systems from use. This MedStar attack follows the ransomware attack on Hollywood Presbyterian Medical Center, which infected both the primary and backup systems to the point that Hollywood Presbyterian had to pay the hackers money to regain access to their own computer systems. Other ransomware attacks have become so sophisticated, that once on the system it is nearly impossible to eliminate, making it cheaper in some instances to dispose of the physical hardware.
In view of the increase in attacks against medical centers, we strongly recommend that everyone review the security of their systems, as well as provide additional training to employees on how to avoid infecting the systems with a virus. Most of the recent attacks were accomplished when an individual with privileges opened an e-mail or an attachment (including in one recent ransomware attack a Word document) that was infected. A single infected computer can then spread the virus to every system on the same network. One part of training is ensuring that the proper policies and procedures are in place for the employees to follow.