After hospital attacks, FBI offers cybersafety tips

WASHINGTON — Officials at MedStar Health say the company is close to restoring normal operations of its information technology systems after being hit with a malware attack on Monday.


In a statement on its Facebook page, the health care giant repeats the assertion that there’s no evidence that patient data has been compromised, adding that computer systems at its 10 hospitals are 90 percent back after the cyberattack.

MedStar officials have not said whether the attack is an example of ransomware, but attacks on hospitals have been reported in recent weeks. As the health care industry — and hospitals in particular — ramp up efforts to digitize records, they become attractive targets to hackers, especially those who launch ransomware attacks, The Washington Post recently reported.

Jeffrey Coburn, unit chief at the FBI’s cyberdivision, said ransomware is the term used when hackers encrypt a user’s files, then send a message demanding payment — often in the untraceable cybercurrency Bitcoin — or the user’s files will remain locked up.

In one case, a Los Angeles hospital paid $17,000. The FBI tells users not to pay the ransoms, because when you do, “you are continuing their business model. You are encouraging them to do this fraud,” Coburn says.

Coburn says the hackers don’t always know who they’re attacking. That could explain why the extortion attempts ask for relatively small amounts even when huge corporations are targeted.

“They don’t necessarily always know who they are sending those ransoms to,” he says. “They don’t know if they’re sending them to a private person or a corporation.”

Coburn says that’s changing.

If you’re hit by a ransomware attack, Coburn urges you to contact the FBI. But the key, as with so much cybersecurity, is prevention. First, make sure you back up your computer regularly.

“This backup should not remain connected to the computer, however, because we found that these perpetrators are actually going after those backups and deleting them, or encrypting those backups as well,” Coburn says.

There are other basic cybersafety practices to make sure you keep your files from attack: Never open attachments from unsolicited emails.

Coburn says even when getting emails from people you know, be careful about opening attachments.

“Also, make sure your anti-virus software is up to date — and that’s not enough — you have to actually run anti-virus scans on your computers,” he says. “Also, make sure patches for your operating system and web browser are up to date.”

Finally, he said, only download software from sites you know and trust.

Below is a full statement from MedStar on Friday:

A cyberattack presented itself in MedStar Health’s IT systems early Monday morning.  Upon discovery, MedStar IT security experts made a courageous and mission-critical decision to bring the remainder of MedStar’s systems and connectivity down quickly.  This decision, in particular, has been recognized by many involved, including cybersecurity and law enforcement experts, as a critical component in the resulting recovery time.  Once down, MedStar and its partners began to assess the nature of the attack, alerting appropriate parties, including regulators and law enforcement.

During the down time of technology systems, MedStar stood up its Command Centers system-wide and began to coordinate with hospitals, outpatient facilities and other services within MedStar.  Health systems and providers are trained for events such as these, and Command Centers are standard protocol as part of a healthcare system’s Crisis Preparedness training.  Regular calls began and status was reported out from the technology teams on the IT systems.  In turn, hospitals and entities reported on their individual status.  At the same time, clinical care providers turned to established backup systems, including paper documentation as necessary, while cybersecurity partners and MedStar’s IT experts worked to identify the malware and create a signature file to contain it.  Leaders regrouped frequently throughout the days and week to keep the process moving forward. 

Thanks to focused efforts, the three major clinical systems were brought back within 48 hours and as of Friday morning, MedStar was approaching 90 percent functionality.  Physicians, nurses, pharmacists, technicians, information systems experts and others were mobilized to bring the organization’s systems back online as rapidly and safely as possible.  With only a few exceptions, handled on a case-by-case basis, care continued throughout this situation and has been provided to thousands of patients during the past five days.

MedStar’s priority throughout this attack remains focused on providing high quality, safe care for patients and continuing to meet the care needs of the community.  Additionally, among its highest IT priorities was to ensure that patient and associate information remained secure and protected.  MedStar takes its service to the community very seriously and as such, will continue to partner with other health systems, cybersecurity experts and law enforcement officials, when appropriate, to share any and all best practices and lessons learned.  However, as MedStar closes in on full functionality of its systems, the focus of the organization and its leaders remains on care for our patients and ensuring that high quality, safe care is being delivered. 

As functionality efforts continue across MedStar, we will not provide additional comments with respect to the privacy and security of our patients and their families. The leadership is pleased and proud of its teams for their efforts in bringing the IT systems back to functionality. MedStar will not discuss publicly any information related to the malware that affected our healthcare system except to confirm that MedStar has not paid any type of ransom. Details have been provided and are being shared with law enforcement, including the Federal Bureau of Investigation.

Additional media coverage featuring criminal acts—offenses against the public that are punishable—perpetuates the infamy of malicious attacks for airtime and publicity, even if anonymous in nature. Evidence shows that copycat perpetrators and plotters look to previous examples for inspiration and operational details. MedStar will not provide details publicly to the malware details, the attack or the attackers. Though MedStar is not yet focused on an evaluation of the financial impact of the attack, MedStar is a $5 billion healthcare delivery system and has remained open throughout the attack and maintained near normal volume levels, and in some cases, higher than normal volumes.

The Associated Press contributed to this report.

Kate Ryan

As a member of the award-winning WTOP News, Kate is focused on state and local government. Her focus has always been on how decisions made in a council chamber or state house affect your house. She's also covered breaking news, education and more.


© 2016 WTOP. All Rights Reserved.
