• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Life Sciences
  • Investments
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

MedStar Cyber Attack Shows Need for HHS to Implement Cybersecurity Law

by Fred Pennic 03/30/2016 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

MedStar

The FBI is investigating a Monday cyber attack by anonymous hackers that forced MedStar Health’s 10 hospitals and more than 250 outpatient centers to shut down their computers and email. After the cyber attack was discovered, the provider immediately made the decision to take down all of their systems as a precaution to ensure further security breaches.  The Washington, D.C.-based healthcare system employs more than 30,000 people and treats hundreds of thousands of patients in the Washington region. The incident follows similar cyber attacks targeting at least three other medical institutions in recent weeks.

“MedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization,” spokeswoman Ann Nickels said in a statement on Monday. “We are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning.”

On Tuesday, it was reported that MedStar patients were being turned away or treated without access to the patient’s EHR. By Tuesday evening, MedStar staff could read — but not update — thousands of patient records in its central database, a spokeswoman said.

MedStar Cyber Attack Shows Need for HHS to Implement Cybersecurity Law

The chairman of the Senate health committee said the MedStar cyber attack shows the need for the U.S. Department of Health and Human Services (HHS) to implement cybersecurity legislation passed by Congress “with the urgency patients and hospitals deserve.”

“The consequences of cyber attacks like yesterday’s hacking at MedStar Health can be catastrophic for America’s patients—imagine, an attack leaving doctors unable to access crucial information in a patient’s health history or delaying a surgery for hours on end,”Chairman Lamar Alexander (R-Tenn.) today said. “Congress has passed a law to help keep hospitals and patients safe from these malicious attacks – calling for Health and Human Services to give hospitals and doctors clear information on the best ways to prevent a hack in the first place and putting someone at the agency on the flagpole if a cyber attack occurs. Yesterday’s attack, which, unfortunately, is not unique, shows the need for HHS to implement the law with the urgency patients and hospitals deserve.”

The attack on MedStar Health forced the hospital chain, which serves hundreds of thousands of patients, to shut down its email and health records database in an effort to keep the virus from spreading further throughout the organization. Yesterday’s incident follows similar cyber attacks targeting at least three other medical institutions in recent weeks.

Cybersecurity Information Sharing Act of 2015

Last year, the Senate health committee authored a provision, which passed as part of the Cybersecurity Information Sharing Act of 2015, that would help protect the health care industry from cyber attacks by:

– Charging HHS and its subdivisions with naming an official who is responsible for leading the agency’s cybersecurity efforts—to coordinate response and so health organizations will know who is in charge of offering guidance and support;

– Requesting that the agency issue a report on emerging cyber threats in the health care industry, so both the agency and the American public have an accurate picture of the impact of these attacks;

– Creating a task force of health industry leaders and cybersecurity experts to identify the biggest challenges in securing against cyber threats and recommend specific solutions to the agency;

– Charging the task force to create a central resource to distribute cyber intelligence from the federal government to health care organizations in near real time, so they can rapidly respond to active threats; and

– Instructing HHS to create a series of best practices for health industry leaders to follow—on a voluntary basis—to help them keep their organization’s data as secure as possible. 

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: cyber security, healthcare security breach, healthcare security breaches, HIPAA violations, MedStar Health

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Interview

Reach7 Diabetes Studios Founder Chun Yong on Reimagining Chronic Care with a Concierge Medical Model

Most-Read

HHS Finalizes HTI-4 Rule: Prior Authorization & E-Prescribing Interoperability

HHS Finalizes HTI-4 Rule: Prior Authorization & E-Prescribing Interoperability

Meaningful Use Penalties_Meaningful Use_Partial Code Free_Senators Urge CMS to Establish Clear Metrics for ICD-10 Testing

CMS Finalizes TEAM Model: A New Era of Value-Based Surgical Care

White House Event Unveils CMS Health Tech Ecosystem Initiative

White House Event Unveils CMS Health Tech Ecosystem Initiative

Digital Health Faces Q2'25 Pullback: Funding Falls to 5-Year Low, But AI Dominates and $1B+ IPOs Emerge

Healthcare Investment Shifts in 1H 2025: AI Remains a Bright Spot Amidst Fundraising Decline

Digital Health Faces Q2'25 Pullback: Funding Falls to 5-Year Low

Digital Health Faces Q2’25 Pullback: Funding Falls to 5-Year Low

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Beyond the Hype: Building AI Systems in Healthcare Where Hallucinations Are Not an Option

Health IT Sector Navigates Policy Turbulence with Resilient M&A

Health IT’s New Chapter: IPOs Return, Resilient M&A, Valuations Rise in 1H 2025

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

PwC Report: US Medical Cost Trend to Remain Elevated at 8.5% in 2026

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

Philips Launches ECG AI Marketplace, Partnering with Anumana to Enhance Cardiac Care with AI-Powered Diagnostics

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

WeightWatchers Emerges from Bankruptcy, Launches New Menopause Program

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |