UPDATE 29-MAR-2016 4:30 pm: Medstar has released an official statement regarding the incident.
LEONARDTOWN, Md. (March 29, 2016)—MedStar St. Mary's Hospital in Leonardtown reported on
their Facebook page Monday that their internal computer systems have been impacted by a 'virus that prevents certain users from logging-in to our system.'
"Early this morning, MedStar Health's IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization. We are working with our IT and Cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning. We have no evidence that information has been compromised. The organization has moved to back-up systems paper transactions where necessary."
A screen capture purported to be from a screen of a hospital computer is circulating on the internet and identifies the virus as ransomware. Ransomware works by encrypting the computer's disk drives using advanced encryption techniques that require a unique key to unlock. Any attached file systems, such as USB drives and shared network drives can also be impacted. The perpetrators require the victim to pay a ransom in order to obtain the key to unlock their files. Payment is often required to be made in
Bitcoin—a relatively new digital currency that is very difficult to trace.
Renowned information security researcher and author Brian Krebs just 2 weeks ago
a similar attack at Methodist Hospital in Henderson, Kentucky. The
attackers demanded $1,600 in ransom in this case. A
Los Angeles hospital paid almost $17,000 in ransom in February,
according to a NPR report.
Krebs wrote that while many ransomware
infections are the result of people browsing the web with outdated browsers
and/or browser plug-ins like Adobe Flash and Java, the attack in Kentucky
used one of the original methods of infection.
"The attack on Methodist Hospital was another form of
opportunistic attack that came in via spam email, in messages stating
something about invoices and that recipients needed to open an attached
While in the past there had been cases of a
flaw in the ransomware code that allowed data to be recovered, most security
experts today agree that it is essentially impossible to decrypt the files
without the key held by the perpetrators. However,
experts disagree on whether or not to pay the ransom. Those against
paying argue that payment only encourages the spread of the problem. They
also say that payment is no guarantee that you will receive the key. Others
counter that to not provide the key to victims who pay would only damage the
business model of the perpetrators and encourage others not to pay in the
alternative is wipe the affected systems and restore the data from
backups—if they exist.