Following malware attack, MedStar docs regain EHR functionality

Clinicians at MedStar Health can now review medical records and submit orders via the electronic health record after a malware attack March 28 forced computers offline, the Maryland-based hospital chain said in a statement Wednesday morning.

MedStar, which operates 10 hospitals throughout the District of Columbia and Maryland, said its "three main clinical information systems supporting patient care" are still moving toward full restoration thanks to round-the-clock efforts by its IT team, as well as cybersecurity experts. Patient and associate data, thus far, has not been compromised, analysis has shown.

"Restoration of additional clinical systems continues with priority given to those related directly to patient care," the statement noted.

MedStar urged patients to call to confirm or make appointments, as it continues to restore its online medical appointment systems.

In a statement released Tuesday afternoon, MedStar confirmed it had turned to the use of paper charts "where necessary," adding that "with a few unique exceptions, all of our doors remain open." It was reported Tuesday that patients had been turned away at some facilities.

The FBI is investigating the incident as a possible ransomware attack.

One lawmakers, meanwhile, used the incident as an opportunity to voice his concerns with the national state of healthcare privacy.

Sen. Lamar Alexander (R-Tenn.), chairman of the Senate Committee on Health, Education, Labor & Pensions, released a statement calling on the U.S. Department of Health and Human Services to use urgency in implementing cybersecurity legislation recently passed by Congress. As part of the law, the Cybersecurity Information Sharing Act of 2015, HHS must name an official responsible for leading its cybersecurity efforts. The agency recently formed a task force that will meet in person four times this year and develop a report on emerging cyberthreats in the industry. The task force also is expected to create a resource that can deliver cyberintelligence from the federal government to healthcare organizations in real time.

"The consequences of cyberattacks like yesterday's hacking at MedStar Health can be catastrophic for America's patients--imagine, an attack leaving doctors unable to access crucial information in a patient's health history or delaying a surgery for hours on end," Alexander said. "Yesterday's attack, which, unfortunately, is not unique, shows the need for HHS to implement the law with the urgency patients and hospitals deserve."

Prior to the attack, Rep. Ted Lieu (D-Calif.) said he may propose a bill that would require providers to let their patients know when a ransomware attack has occurred.

To learn more:
- here's the March 30 statement from MedStar
- read the March 29 statement