BREAKING NEWS: MedStar Health Hacked, EHR Down, FBI Investigating
Late Monday afternoon, March 28, The Washington Post broke the story that a virus had infected the clinical information system of the 10-hospital, Columbia, Md.-based MedStar Health integrated health system early Monday morning, forcing the system’s leaders to shut down their electronic health record (EHR) and e-mail system, and marking a new watershed moment in the recent history of hacking-based EHR and clinical information system shutdowns in U.S. hospitals.
According to the Post report, “The FBI is investigating the breach, which comes just weeks after similar cyber-attacks on two other medical institutions in California and Kentucky. Still, MedStar officials said they had found ‘no evidence that information has been stolen,” the Post report said.
The Post news story, by reporters John Woodrow Cox, Karen Turner, and Matt Zapotosky, quoted Ann Nickels, identified as a MedStar spokeswoman as issuing a statement that included the following: “MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning.”
At around 4 PM eastern time on Monday, MedStar Health officials released the following statement on the organization’s website: “Early this morning, MedStar Health's IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and Cyber-security partners to fully assess and address the situation.”
Meanwhile, also late in the afternoon on Monday, a report in the Baltimore Post-Examiner online noted that “Sources tell the Baltimore Post-Examiner that all Baltimore and Washington D.C. locations of MedStar Health have been affected by a virus attack. This includes MedStar Washington Hospital Center where, we are told, they cannot access any records for patient appointments.” The report, by Anthony C. Hayes, quoted the following statement that the Post-Examiner had obtained: “Early this morning, MedStar Health’s IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and Cyber-security partners to fully assess and address the situation.”
“But,” the Post’s story stated, “the infection could have a considerable impact on the $5 billion health care provider, which operates 10 hospitals and more than 250 outpatient facilities in the Washington region,” the Post story noted. “It serves hundreds of thousands of patients and employs more than 30,000 people.” And, it added, “Without access to sophisticated online systems, hospital staff have had to revert back to seldom-used paper charts and records.” And the Post’s reporters quoted Stephen Frum, a labor representative for National Nurses United who has worked closely with MedStar for 15 years, as saying, “Everything will be slowed down tremendously. It’s huge.”
Healthcare Informatics will update its readers on additional developments in this story as they occur.