MedStar Health Ransomware

What happened?

On March 28, MedStar Health, the largest healthcare provider in Maryland and Washington, D.C., disclosed an attack on their computer systems and encrypted medical records. The hacker used ransomware, a form of malware that locks computer access until a specified ransom is paid.

MedStar states that, despite the compromise, the attack did not affect patient safety or expose patients’ protected health information.

The attack comes just a week after two hospitals in California and one in Kentucky were also subjected to ransomware. In many similar cases, hospitals have eventually paid the ransom to regain network access.

MedStar quickly shut down their systems to prevent the virus from spreading. While the digital shutdown did not halt hospital operations, staff members were forced to operate completely offline, resorting to paper recordkeeping.

The cybercriminals are seeking payment in bitcoins in exchange for a digital key that will unlock MedStar’s networks. Bitcoins are a hard-to-trace digital currency, which help conceal the attacker’s location or identity.

The hackers are demanding 45 bitcoins — about $19,000 USD at current exchange rates — to unlock all of MedStar’s infected computers.

MedStar is currently working with the FBI to resolve the matter. It is not clear if they intend to comply with the hacker’s demands.

What should you do?

Medical data sells for top-dollar on the dark web — it’s no wonder medical identity theft is the fastest growing form of identity theft in the United States. Despite claims that no patient data was compromised, current and former MedStar patients should remain vigilant of potential identity crimes.

  • Closely review any Explanation of Benefits (EOB) you receive in the future
    If your medical information was exposed, a criminal could use your information to obtain medical services, prescription drugs or Medicare/Medicaid benefits. Review your EOB for unfamiliar procedures, tests or prescriptions.
  • Check your medical history
    Review your medical history with your doctor to search for inaccuracies. Medical identity thieves could cause serious health complications if they provide a different blood type, medical history or known allergies under your name.
  • Ask health organizations how your data is stored
    Make sure your health data is encrypted on password-protected devices. Opt for health organizations that prohibit employees from using their personal devices, as this is a major area of compromise.

Due to the lucrative appeal of this hospital-for-ransom scheme, hackers will likely continue to target these entities in search of ransomware bounties and patient information.