MedStar Health slowly coming back online after malware attack

MedStar Health, a 10 hospital system serving the Maryland and Washington DC area, was the latest medical facility to fall victim to a malware attack yesterday.  Reports yesterday were very vague but made it clear that something happened.  Additional reports are coming out today that seem to confirm that, as suspected yesterday, this was another ransomware attack.  According to this article, some of the employees are reporting that their computer screens displayed pop-ups seeking 45 Bitcoins ($19,000) in exchange for the digital key to decrypt the data.  If this is the case, this would make MedStar Health one more in a growing list of medical facilities being hit with malware (Methodist Hospital in Kentucky, Hollywood Presbyterian Medical, in California, etc.).  Cisco Talos is speculating that the malware used in the attack may have been the recently discovered SamSam malware that attacks JBoss application servers, a diversion from the email phishing attacks that we have seen in the past.  Either way though, there are a number of lessons that we can (should?) take from these:

  • Everyone / anyone is a target (this author believes that attacking healthcare providers takes a special kind of dirtbag).
  • If you don’t find (and fix) your weak spots, attackers will find (and attack) them.
  • If this latest attack was against SamSam and our understanding (per Cisco Talos) is accurate, this reinforces the need for keeping systems, even internal systems that we don’t believe anyone else has access to, up-to-date.

Additional Information

  • http://www.databreachtoday.com/medstar-shuts-systems-after-cyberattack-a-8999
  • https://threatpost.com/medstar-slowly-restoring-services-after-malware-attack/117079/
  • https://threatpost.com/new-server-side-ransomware-hitting-hospitals/117059/

One thought on “MedStar Health slowly coming back online after malware attack

Leave a Reply