Staff carries on through computer outage at MedStar health – Baltimore Sun
As MedStar Health suffered through a second day without access to its computer systems Tuesday, visitors at Union Memorial Hospital were greeted by a lobby security guard thumbing through printed sheets of patient information.
On the desk next to him, the screen of a public computer terminal was blank.
Medstar, which operates 10 hospitals in the region, said Monday that a virus had infected its systems. The company pulled its networks offline to stop the infection from spreading. Spokeswoman Ann C. Nickels said Tuesday that “significant progress” was being made toward getting the system back online.
The virus caused some problems in delivering services, Medstar said in a statement, but its facilities remained open.
“The quality and safety of our patients remains our highest priority, which has not waned throughout this experience,” Dr. Stephen R.T. Evans, the company’s chief medical officer, said in a statement. “Fortunately, the core ways in which we deliver patient care cannot be altered, manipulated or harmed by malicious attempts to disrupt the services we provide.”
A spokesman for the FBI, which has confirmed that it is aiding the company, said there were no new updates.
Kenneth A. Samet, chief executive of MedStar, said it was particularly troubling that hackers would target a health care organization.
“The attempt to negatively impact an institution designed to save lives and care for those in need is a sad and troublesome reality of our times, not only for MedStar Health, but for our entire industry and the communities we serve,” Samet said.
Some staff members at Union Memorial said they knew no more about the details of the attack than the public does. They were working with paper files — a novelty to younger members, but familiar to veterans — to make sure patients were treated.
Nikki Curry, a nurse, said she did not think the computer virus was having much effect on patients. She said clinical staff had pulled together so the work was “flowing pretty well.”
“That’s what I love about working here,” she said.
Still, she said, she had no idea what was going on.
“They haven’t said anything to us,” Curry said. She didn’t know when the computer problems might be fixed.
Gary Weber, an equipment technician, said he had heard some grumbling about having to switch to paper, but there were “no freakouts going on.”
In general, he said, staff members found themselves sitting in front of stacks of documents rather than staring at a screen.
MedStar is scheduled to open a new facility in Bel Air this weekend. Managers said the computer problems should not affect their timeline.
But there were indications that not all of the company’s facilities were handling the outage as smoothly. The Washington Post reported that patients were being turned away at MedStar Georgetown University on Tuesday morning.
MedStar said there was no indication that data has been stolen, leading outside analysts to focus on a technique called ransomware, which has hit several hospitals in recent months.
Instead of stealing patient information and trying to sell it on the black market, hackers encrypt the files on computer systems and say they will turn over the keys only if the victim pays.
Because hospitals are so reliant on data about their patients, computer security analysts say they make good targets for hackers to bully into paying quickly. Backing up data can reduce the impact of such an attack.
Michael Robinson, a computer forensics teacher at Stevenson University, said one detail about MedStar’s response was striking: He called the decision to pull all of the company’s systems offline extreme.
The company could have taken an alternate route that would not have had such a sweeping impact.
“Blocking all computer systems from hitting the Internet would very likely have kept them operational, but without Internet access,” he said.
MedStar said its IT staff worked overnight Monday but gave no indication of when its systems might be fully restored. The company said no patient data would be entered until the systems are free from infection.