MedStar Health’s computer systems remained offline on Tuesday for the second straight day as the non-profit, one of the biggest medical service providers in the U.S. capital region, worked to stem the spread of a virus and restore its network.
The virus was discovered at MedStar after several recent attacks on U.S. hospitals by cyber extortionists using software known as ransomware, which encrypts data and demands that users pay to get it unlocked.
The FBI said on Monday it was looking into the incident at MedStar, which is one of the largest medical providers to have operations interrupted by malicious software.
MedStar spokeswoman Ann Nickels said she did not know when the systems would be restored or the type of virus involved, but that “significant progress toward restoring functionality of our clinical systems” had been made.
“Medical services continue,” she said in an interview. When asked if elective procedures would be performed, she said that would determined “case by case.”
At least some patients at the MedStar Washington Hospital Center are being told to reschedule non-emergency appointments, an employee of a MedStar vendor said, requesting anonymity to discuss the matter candidly.
The non-profit, which runs 10 hospitals and some 250 outpatient facilities in Washington and Maryland, said Monday on its Facebook page that its computer network had been infected by a virus that prevented some users from logging into the system early that day.
MedStar quickly decided to take down “all system interfaces to prevent the virus from spreading” and moved to backup systems for paper record-keeping, the post said.
Nickels said that by midday on Tuesday clinicians were able to view some records but new patient information was still being recorded by hand.
Last month, Hollywood Presbyterian Hospital in Los Angeles paid $17,000 to regain access to its systems after such an attack.
Security blogger Brian Krebs last week reported that Henderson, Kentucky-based Methodist Hospital declared a state of emergency after falling victim to a ransomware attack.
(Reporting by Jim Finkle; Additional reporting by Dustin Volz; Editing by Lisa Von Ahn and Richard Chang)