BREAKING NEWS: MedStar Health Hacked, EHR Down, FBI Investigating

March 28, 2016
News reports on Monday, confirmed by organizational statements, described a cyber-attack on the 10-hospital, Columbia, Md.-based MedStar Health system that had disabled the organization’s EHR, forcing a temporary return to paper-based health records

Late Monday afternoon, March 28, The Washington Post broke the story that a virus had infected the clinical information system of the 10-hospital, Columbia, Md.-based MedStar Health integrated health system early Monday morning, forcing the system’s leaders to shut down their electronic health record (EHR) and e-mail system, and marking a new watershed moment in the recent history of hacking-based EHR and clinical information system shutdowns in U.S. hospitals.

According to the Post report, “The FBI is investigating the breach, which comes just weeks after similar cyber-attacks on two other medical institutions in California and Kentucky. Still, MedStar officials said they had found ‘no evidence that information has been stolen,” the Post report said.

The Post news story, by reporters John Woodrow Cox, Karen Turner, and Matt Zapotosky, quoted Ann Nickels, identified as a MedStar spokeswoman as issuing a statement that included the following: “MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning.”

At around 4 PM eastern time on Monday, MedStar Health officials released the following statement on the organization’s website: “Early this morning, MedStar Health's IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and Cyber-security partners to fully assess and address the situation.”

Meanwhile, also late in the afternoon on Monday, a report in the Baltimore Post-Examiner online noted that “Sources tell the Baltimore Post-Examiner that all Baltimore and Washington D.C. locations of MedStar Health have been affected by a virus attack.  This includes MedStar Washington Hospital Center where, we are told, they cannot access any records for patient appointments.” The report, by Anthony C. Hayes, quoted the following statement that the Post-Examiner had obtained: “Early this morning, MedStar Health’s IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and Cyber-security partners to fully assess and address the situation.”

“But,” the Post’s story stated, “the infection could have a considerable impact on the $5 billion health care provider, which operates 10 hospitals and more than 250 outpatient facilities in the Washington region,” the Post story noted. “It serves hundreds of thousands of patients and employs more than 30,000 people.” And, it added, “Without access to sophisticated online systems, hospital staff have had to revert back to seldom-used paper charts and records.” And the Post’s reporters quoted Stephen Frum, a labor representative for National Nurses United who has worked closely with MedStar for 15 years, as saying, “Everything will be slowed down tremendously. It’s huge.”

Healthcare Informatics will update its readers on additional developments in this story as they occur.

Sponsored Recommendations

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...

Powering a Digital Front Door with a Comprehensive Provider Directory

Learn how Geisinger improved provider data accuracy, SEO, and patient acquisition with a comprehensive provider directory.

Data-driven, physician-focused approach to CDI improvement

Organizational profile Sisters of Charity of Leavenworth (SCL) Health* has been providing care since it originated in the 1600s in France as the Daughters of Charity. These religious...

Luminis Health improved quality and financial outcomes with advanced CDI technology and consulting from 3M

In the beginning, there were challengesBefore partnering with 3M Health Information Systems (HIS), Luminis Health’s clinical documentation integrity (CDI) program faced ...