MedStar’s Medical Meltdown
MedStar Health is continuing to recover after a malicious rasomware virus attack on Monday, March 28, 2016, stormed their servers, leaving many patients unable to receive treatment and medication. Many patients received a message indicating that their appointments needed to be rescheduled due to the facility’s inability to access records online or check their emails. A MedStar official stated that the incident had no impact on patient care and all clinical operations were up, but according to NBC News “a suburban Washington woman, who asked that her name not be used, said her husband was forced to miss three days of cancer radiation therapy.” Because of the conflicting statements, it is uncertain how much damage MedStar has taken – but what is certain is that cyber threats are becoming increasingly common. Electronic Health Records (EHRs) are the latest target for identity theft. With access to your latest medical records, a perpetrator would be able to produce fake Social Security cards and credit cards, and have the capability to order prescriptions for resale purposes.
Protecting yourself against hackers
According to an AP report many of these records show up on a “dark website” where the thieves openly boast about the acts they committed. The hackers also have a pay site where you can buy the complete set of records for personal use. Some also blackmail the facilities they “hit” into spreading the virus, or risk having their systems released to the world. But if you pay the fee, who is going to stop it from happening again two days later?
The FBI is urging victims to not give into demands and to not pay the ransom for recovering stolen info. Many hospitals along the West Coast have been victims of cyber threats over the past year, resulting in more than 100 million medical records being stolen. The FBI has started an investigation to counter the cyber threats and risks of possible identify theft due to health care hacking. Computer security in the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. This should be regarded as ludicrous because there have been no systems put in place to protect patient’s information at a higher level after all the cyber-attacks on the healthcare industry. To avoid getting hacked, security professionals recommend the following:
- Follow good password practices
- Avoid using the same email account for banking and shopping
- Use pin codes on your IRS returns
- Avoid giving out your social security number, even the last four digits, to hospitals and doctors’ offices
It is this form of cyber terrorism that is milking this country for thousands of dollars at a time. The FBI is urging people to encrypt their emails, regularly change their passwords, and be mindful of where and how you share your information. MedStar said in a statement that the virus prevented some employees from logging into systems. The multi-million dollar company stated that with over 10 facilities they would have to continue operations by relying on a paper backup system. This could slow down the facilities’ efficiency in patient care, but according to an AP report MedStar is taking the necessary steps to continue to give quality care for all patients, new and existing. It is not certain when the company will be back and fully operational, but what is alarming is that patients are still at high risk for having their information stolen.
Christopher T. Nace works in all practice areas of the firm, including medical malpractice, birth injury, drug and product liability, motor vehicle accidents, wrongful death, and other negligence and personal injury matters.
Read more about Christopher T. Nace.