FBI probing after hackers cripple computer systems at major hospital chain
WASHINGTON-- Hackers crippled computer systems at a major hospital chain, MedStar Health Inc., on Monday, forcing records systems offline for thousands of patients and doctors. The FBI said it was investigating whether the unknown hackersdemanded a ransom to restore systems.
A computer virus paralyzed some operations at Washington-area hospitals and doctors' offices, leaving patients unable to book appointments and staff locked out of their email accounts. Some employees were required to turn off all computers since Monday morning.
A law enforcement official said the FBI was assessing whether the virus was so-called ransomware, in which hackers extort money in exchange for returning a victim's systems to normal. The official spoke on condition of anonymity because the person was not authorized to discuss publicly details about the ongoing criminal investigation.
"We can't do anything at all. There's only one system we use, and now it's just paper," said one MedStar employee who, like others, spoke on condition of anonymity because this person was not authorized to speak to reporters and feared being fired.
MedStar said in a statement that the virus prevented some employees from logging into systems. It said all of its clinics remain open and functioning and there was no immediate evidence that patient information had been stolen.
MedStar spokeswoman Ann Nickels said she couldn't say whether it was a ransomware attack. She said patient care was not affected and the hospitals were using a paper backup system.
MedStar operates 10 hospitals in Maryland and Washington, including the MedStar Georgetown University Hospital, along with other facilities. It employs 30,000 staff and has 6,000 affiliated physicians.
Monday's hacking at MedStar came one month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system, which hackers had seized with ransomware using an infected email attachment.
Hollywood Presbyterian Medical Center, which is owned by CHA Medical Center of South Korea, paid 40 bitcoins -- or about $420 per coin of the digital currency -- to restore normal operations and disclosed the attack publicly.
The hospital released a statement at the time saying, "The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000. The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this."
The FBI confirmed the attack but declined to comment on its investigation at the time. Hollywood Presbyterian did not responded to CBS News' requests for comment.
That hack was first noticed Feb. 5 and operations didn't fully recover until 10 days later.
Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.
Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen.