Hackers have effectively crippled the computer system of MedStar Health Inc. with a virus forcing the Baltimore-Washington area hospital chain to shut down its email and record systems for thousands of its patients and doctors.
The breach, which occurred on Monday, paralyzed the operations of hospitals and doctors offices as patients were not able to book for appointments and staff were locked out of their email accounts.
"MedStar Health's IT system was affected by a virus that prevents certain users from logging-in to our system. MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization," MedStar said in a statement.
The incident raises concern about the security of hospitals across the country as similar cyberattacks on three other medical institutions in Kentucky and California also occurred a few weeks earlier.
MedStar officials said that there have been no evidence of information being stolen so far but the infection could have serious impact on the healthcare provider, which operates 10 hospitals and over 250 outpatient facilities.
Hospital staff had to revert to manual operations using paper charts and records without access to the online system, which could have tremendous impact on a hospital system that serves hundreds of thousands of patients and more than 30,000 employees.
Surgeries and appointments, for instance, could be delayed. Lab results would take longer than usual to come back and these are often needed for diagnosis and before medications can be ordered.
A law enforcement officer said that the FBI is already conducting investigations to determine if the virus was a ransomware through which hackers extort money in return to reverting their victims' computer systems to normal.
A Los Angeles hospital earlier paid hackers $17,000 to regain control of computer system that hackers took over using a ransomware sent through an email attachment.
"People view this, I think, as a form of terrorism and are attempting to extort money by attempting to infect them with this type of virus," said Maryland's emergency medical services network medical director Richard Alcorta, who suspects the MedStar breach was a ransomware attack.
A MedStar employee, who requested for anonymity, said that two other employees saw a pop-up on their screen stating that they have been infected by a computer virus. The pop-up also asked for a ransom to be paid in some form of Internet currency.