MedStar Attack: Systems Being Restored, Patient Data Protected

As MedStar Health recovers from what company officials called a "despicable attack" on its electronic systems, it is working get back online, the company said in a statement Wednesday.

MedStar took down its electronic systems Monday morning upon finding malware, according to a statement from the company.

By Wednesday, medical records were back online and clinicians could submit orders using electronic health records, the statement said.

Online appointment-setting was still not back up and running, so MedStar advised calling its offices directly to make or confirm appointments.

Related: Virus Infects MedStar Health Computers; Networks Shut Down

"...no patient or associate information of data have been compromised," reported MedStar, which recorded more than 4 million outpatient visits in 2015.

Its network encompasses 10 hospitals—Franklin Square, Good Samaritan, Harbor Hospital and Union Memorial in Maryland—as well as dozens of outpatient clinics.

In the aftermath of the malware detection, there were some snafus.

In "a few unique exceptions," the doors were not open at MedStar facilities, but on the whole, officials said MedStar services continued.

And some systems remained offline Wednesday as a result of what The Washington Post called a "ransomware" attack in which a hacker was demanding $19,000 as payment for releasing data.

"MedStar is proud of and thankful to our team of physicians, nurses and associates who dedicate themselves to maintaining high quality patient care and who have continued to provide this care in the face of this despicable attack," MedStar said in a statement.

MedStar's president said that the attack was "sad," particularly given the mission of the company.

“The attempt to negatively impact an institution designed to save lives and care for those in need is a sad and troublesome reality of our times," MedStar Health CEO/President Kenneth A. Samet said. "—not only for MedStar Health, but for our entire industry and the communities we serve."

The FBI is reportedly investigating the case.

Statement from MedStar Health on Computer Downtime

11 a.m. on March 30

Within 48 hours of the malware penetration on MedStar Health's information system, the three main clinical information systems supporting patient care are moving to full restoration, and enhanced functionality continues to be added to other systems. We are pleased that our analysis continues to show that no patient or associate information or data have been compromised. MedStar's IT team and cybersecurity experts have worked around the clock to protect the integrity of our clinical data systems, and to restore operations. Clinicians are now able to review medical records and submit orders via our electronic health records. Restoration of additional clinical systems continues with priority given to those related directly to patient care.

The recovery of major clinical information systems followed MedStar's decision to take our systems offline to prevent the spread of the malware identified early Monday morning.

Systems that enable patients to make medical appointments are moving toward full restoration and this will reduce the disruption in appointment setting experienced in the initial hours following the detection of malware. As we bring these capabilities back, we encourage individuals to call their provider's office directly to confirm or make appointments.

MedStar is proud of and thankful to our team of physicians, nurses and associates who dedicate themselves to maintaining high quality patient care and who have continued to provide this care in the face of this despicable attack.

Statement from MedStar Health on March 29:

Significant progress is being made toward restoring functionality of MedStar Health’s IT system, which was affected by malware early Monday morning. At the early signs of an issue, our team quickly made a decision to take down all of our systems as a precaution and to ensure no further corruption.

After a careful assessment and testing overnight, we are working to restore the majority of our IT systems today. We are using backup systems, including paper documentation—a process used before the advancements of technology—where necessary, and as an additional layer of support to our clinical operations. We will continue to partner with experts in the field of IT and cybersecurity, as well as law enforcement, to continually assess the situation as we safely restore functionality.


Every caregiver across the system is trained to prepare for these types of challenges, and our patients can be assured that their team of caregivers is well coordinated. Patients should feel confident that they will receive excellent care, and can continue to rely on our commitment to provide the highest levels of quality and safe care.

With a few unique exceptions, all of our doors remain open. As we shared yesterday, the safety of our patients and associates and the privacy of their information is our utmost concern. We have no evidence that patient information has been compromised or stolen in any way. Patient information will not be added to any system without ensuring it is completely free of any and all viruses and security threats.

“Despite the challenges affecting MedStar Health’s IT systems, the quality and safety of our patients remains our highest priority, which has not waned throughout this experience. Fortunately, the core ways in which we deliver patient care cannot be altered, manipulated or harmed by malicious attempts to disrupt the services we provide,” Stephen R.T. Evans, MD, executive vice president, Medical Affairs and chief medical officer, MedStar Health. “Our ability to serve our patients and their families depends first and foremost on our caregivers, and their expert knowledge and compassion focused on each patient.”

“The attempt to negatively impact an institution designed to save lives and care for those in need is a sad and troublesome reality of our times, not only for MedStar Health, but for our entire industry and the communities we serve,” says Kenneth A. Samet, FACHE, president and chief executive officer, MedStar Health. “Fortunately, thanks to the expertise and dedication of our clinical and IT teams, we are addressing the current issue in an expeditious and thoughtful manner, never losing sight of our responsibility to our patients.”