Virus causing outages at MedStar Health

Posted at 3:36 PM, Mar 28, 2016
and last updated 2016-03-29 06:31:08-04
WASHINGTON (AP) -- The FBI says it's investigating a computer virus that has crippled information systems at the major Washington-area hospital chain MedStar Health Inc. 
MedStar Health is the largest hospital system in the Baltimore-DC area, with ten hospitals. The virus has affected Washington's Georgetown University Hospital and other medical offices in the region. 
Medstar said in a statement that the virus prevented some employees from logging into systems. But it said all of its clinics remain open and functioning. 
Early this morning, MedStar Health's IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar's highest priorities are the safety of our patients and associates and confidentiality of information. Therefore, MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with law enforcement, our IT and Cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organization has moved to back-up systems paper transactions where necessary.
The hospital chain said it has no evidence so far that patient information had been stolen. 
If someone hacking into a hospital group's computer system surprises you, it shouldn't according to Andre Protas from Cyberpoint Security in Baltimore. 
"Once you have people getting infected by it, they have no idea what to do next," he said. 

Cyberpoint Security specialized in breaching other companies' computer systems to see how good their defenses are. He said he hasn't met a system he couldn't crack.
"So far I haven't met one," Protas said. "My team is luckily batting 1,000 when it comes to this kind of intrusion work."
Protas said MedStar's hack is probably one of two problems. The worst case scenario would be a data breach, where private information on patients and employees has been stolen. If that's the case, he said it's probably already gone. 
"Depends on how they've secured their environment," Protas said. "But for the most part, once you're in and you have access just like any normal user would have access you can start pulling some of the data."
The other potential issue would be what's called 'ransom-ware.' Last month a hospital in California was forced to pay $17,000 in the cyber-currency 'bitcoin' to regain access to its own data, which the hackers had encrypted. Protas said if that's what happened to MedStar, they'll likely pay the ransom too. 
If it's a data breach, eventually MedStar is likely to resort to offering credit monitoring to anyone who's affected. The FBI is also involved in the investigation.

Download the ABC2 News app for the iPhone, Kindle and Android.