The FBI is investigating a computer virus that has crippled Washington, D.C.-based MedStar Health's information systems.
The virus hit MedStar Georgetown University Hospital and other facilities in the region. A hospital spokesperson said in a statement that the clinics are open and functioning but employees have been unable to log in to systems.
A law enforcement official said the FBI is assessing whether the virus is ransomware, in which hackers extort money in exchange for returning a victim's systems to normal. The official spoke to the Associated Press on condition of anonymity because the person was not authorized to publicly discuss details about the ongoing criminal investigation.
There was “no evidence” that data had been stolen, according to hospital officials. But hospital employees said they were unable to access email or patient records.
"We can't do anything at all. There's only one system we use, and now it's just paper," said one MedStar employee who, like others, spoke on condition of anonymity because this person was not authorized to speak to reporters.
Dr. Richard Alcorta, medical director for Maryland's emergency medical services network, said he suspects it was a ransomware attack, based on multiple ransomware attempts on individual hospitals in the state. Alcorta said he was unaware of any ransoms paid by Maryland hospitals or health-care systems.
"People view this, I think, as a form of terrorism and are attempting to extort money by attempting to infect them with this type of virus," he said.
Alcorta said his agency first learned of MedStar's problems at about 10:30 a.m., when the company's Good Samaritan Hospital in Baltimore called in a request to divert emergency medical services traffic from that facility. He said that was followed by a similar request from Union Memorial, another MedStar hospital in Baltimore. The diversions were lifted as the hospitals' backup systems started operating, he said.
MedStar operates 10 hospitals in Maryland and Washington, including the MedStar Georgetown University Hospital, along with other facilities. It employs 30,000 staff and has 6,000 affiliated physicians.
In March, Hollywood Presbyterian Medical Center in Los Angeles paid about $17,000 in bitcoins to hackers who infiltrated and disabled its computer network.
Then last week, two Prime Healthcare Services hospitals in Southern California were targeted by ransomware. The virus affected Desert Valley Hospital in Victorville and Chino (Calif.) Valley Medical Center.
Monday's hacking at MedStar came one month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system, which hackers had seized with ransomware using an infected email attachment.
Hollywood Presbyterian Medical Center, which is owned by CHA Medical Center of South Korea, paid 40 bitcoins — or about $420 per coin of the digital currency — to restore normal operations and disclosed the attack publicly. That hack was first noticed Feb. 5 and operations didn't fully recover until 10 days later.
Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.
Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.
The Associated Press contributed to this report.