MedStar Ransomware: Who's to Blame?

The recent ransomware attack on MedStar Health infiltrated the company’s software, forcing it to rely on a prehistoric system: paper records. MedStar cares for more than half a million patients each year across Maryland and the Washington, D.C. region, operates ten hospitals, and employs 30 thousand staff and 6,000 affiliated physicians.

Ransomware has been on the rise, hitting two other health companies in the past two months. Just weeks earlier, a California hospital paid a ransom in bitcoin, a pseudonymous currency that is nearly impossible to trace. Chris Stangl, a section chief in the FBI’s cyber division, said, “the crime is financially motivated, and the hackers make demands that put their victims in a difficult spot.” The hackers attack critical data — such as patient records — then ask for a ransom low enough that a business or individual will consider paying it. The more often victims pay, the more lucrative the business becomes.

Computers become infected with “ransomware” — often because a user clicks on a link or opens an attachment. In general, ransomware will then encrypt files or lock users out until they pay for the key. The type of ransomware determines how easily encrypted files can be recovered. Read more about the looming power of ransomware to get an in-depth look at the different threats companies face.

The biggest threat MedStar currently faces is the public’s scrutiny. They have recently been questioned about their prior knowledge of their weakened system. According to a report by The Associated Press, MedStar was aware of the system’s instability and stated the attack could have been avoided had they updated their software back in 2007. Although they deny the allegations, the tool used to attack MedStar could have been defended against by installing updates that fix the weaknesses. According to details in the ransom note and a website to which the hackers directed MedStar, the attack searches the Web for a particular kind of software and exploits its weaknesses. Unmonitored, it can slip into a network and spread quickly.

These attacks shed light on a different side of preventative measures. Computers with the best security systems can still be hacked when employees lack the knowledge to handle these situations. This absence of education can bring entire systems down. Medical facilities are vulnerable to these attacks in part because they do not properly train their employees on how to avoid being hacked, according to Sinan Eren, who has worked in cybersecurity for government and health-care organizations for two decades.

For example, employees at MedStar reported receiving emails asking them to click on links. Contact information for all company employees is easily accessible, allowing hackers to send phishing emails. Unsuspecting employees, Stangl said, are asked to click on what seem to be innocent links or attachments — perhaps something as simple as a customer complaint — that then infect their computers.

Ransomware is an up-and-coming threat that must be taken seriously. As users grow more aware and knowledgeable, attackers take more elaborate steps to seem trustworthy. It is increasingly hard to weed out attacks from innocent emails. The best way to combat these innovative attackers is to stay up to date on viruses.

Originally published on April 27, 2016.
