Lessons from the MedStar Health ransomware attack

The ransomware attack that paralyzed MedStar Health computer systems in March taught some painful lessons, according to Craig DeAtley, the organization's director of emergency management.

In a recent interview, DeAtley explains to The Exchange--the newsletter from the Assistant Secretary for Preparedness and Response (ASPR) and the Healthcare Emergency Preparedness Information Gateway (TRACIE)--that the Columbia, Maryland-based health system was caught off guard by the speed in which most of its systems were compromised and locked down.

“We were practiced at individual workarounds, but we had never really rehearsed losing everything, much less all at once,” he says.

MedStar, which includes 10 hospitals and more than 250 outpatient centers, had a corporate emergency plan, and one for each site that had recently been updated. This incident, however, demonstrated the need for a broader, more comprehensive cybersecurity plan, DeAtley says.

While IT/information systems personnel weren’t in charge, they certainly had to be at the table and to be able to communicate highly technical problems to people at all levels.

The health system lost access to more than 370 computer programs and had to prioritize the order in which to bring them back up. Now, MedStar better understands how all its programs are interconnected, DeAtley says.

Patience was a big requirement at all levels. However, he says, while most systems are back up, some files might never be retrieved.

Newer employees didn’t know how to operate without computer systems. Nurses, pharmacists and other staff members stepped up to help their co-workers. The organization, however, is re-evaluating training for this scenario.

The incident reiterates the need to plan for a total system outage, DeAtley says, as well as the need to fully rehearse it. It calls for disciplined and multi-level leadership, careful documentation and clear communication.

“You need to exceed your comfort level to prepare for a problem this vast,” he says.

To learn more:
- read the interview