MedStar Health says progress being made 'by the hour' after cyberattack

A spokeswoman with MedStar Health says the healthcare provider is still experiencing widespread computer outages after a cyberattack on its systems Monday, but adds that progress is being made “by the hour.”

MedStar Assistant Vice President Ann Nickels told Fox News that the hospital network has regained its ability to access patient records and other vital information largely in a “read only” capacity. She added that many doctors and nurses throughout MedStar are still unable to enter patient data and other medical information into the network’s computer systems.

Nickels would not elaborate on what specific type of attack the healthcare network was experiencing, only saying that MedStar’s IT professionals were working to rid the network of malicious computer software present on its system.

Fox News reported on Tuesday, citing a MedStar doctor, that the healthcare provider is wrestling with a “ransomware” attack and that hackers were holding MedStar’s computers hostage in exchange for payment in Bitcoin.

Nickels also confirmed to Fox that MedStar’s entire email system is still inoperable. Fox News learned this firsthand late Wednesday when an email to a MedStar employee bounced back as undeliverable.

FBI confirmed earlier this week that it is investigating the cyberattack and “looking into the nature and scope of the matter,” according to a spokesperson with the agency.

The health group, which runs 10 hospitals, the MedStar Health Research Institute and the MedStar Medical Group, describes itself as the largest healthcare provider in the Maryland and Washington, D.C. region.

In a statement released Wednesday, MedStar Health acknowledged the operational challenges caused by the malicious malware attack, but added that the level of care it provides has not been affected. “With only a few exceptions, we have continued to provide care approximating our normal volume levels,” it said. “Since Monday morning, we have seen more than 6,000 patients in our hospitals and ambulatory centers.”

Earlier this week the healthcare chain said there is "no evidence" that patient information was stolen or compromised following the cyberattack.

Hospitals have become targets for cybercriminals using ransomware, malicious software used to extort money. The software can encrypt files until a ‘ransom’ is paid in a difficult-to-trace digital currency, such as Bitcoin.

“The payments can be as low as a few hundred dollars,” said Luke Dembosky, cybersecurity attorney for Debevoise and Plimpton and former senior national security prosecutor at the Justice Department. “But lately, we’re seeing the amounts demanded go up into the thousands and even tens of thousands of dollars.”

Dembosky explained that the reason for the spike in dollars demanded is due to the fact that hackers have shifted their sights largely to high-value targets like major hospital networks and large businesses.

The scale of the ransomware threat was highlighted last month when a Los Angeles-area hospital paid nearly $17,000 in Bitcoin to hackers who disabled its computer network, although recent reporting suggests the ransom paid was much higher. Henderson, Kentucky-based Methodist Hospital suffered a ransomware attack in February.

According to cybersecurity analysts, these computer infections come largely by way of “phishing” attacks. As the FBI released in a public advisory last year, “the problem begins when the victim clicks on an infected advertisement, e-mail, or attachment, or visits an infected website.”

Outside of paying the ransom, cybersecurity professionals warn that, if user data is not adequately backed up, there is little that victims can do to recover those files once they are encrypted.

“The option is prevention,” explained Ann Barron-DiCamillo, chief technology officer for Strategic Cyber Ventures and former DHS cybersecurity executive. “Better training for your users to make sure they know what phishing emails look like, that they’re not clicking on links from unknown recipients, that they’re not going to websites that could potentially be watering holes for delivering this kind of malware.”

Fox News’ Lucas Tomlinson contributed to this report.