Skip to main content
Keeping you afloat amidst the rising sea of regulations

Are You Safe? Providers Struggle to Contend with Surge in Ransomware Attacks

In the wake of the recent ransomware attack on Hollywood Presbyterian Medical Center (discussed here), news reports have emerged that at least three more medical centers and a large health care system have been the victims of these attacks. Ransomware is a type of computer attack in which a computer virus encrypts computer files, preventing users from accessing the files until a ransom is paid.
The computer systems at two southern California hospitals operated by Prime Healthcare Services, Inc., Desert Valley Hospital in Victorville, California, and Chino Valley Medical Center in Chino, California, were compromised on Friday, March 18. According to Prime Healthcare, its technology specialists were able to limit the attack and no ransom was paid. On the same day, Methodist Hospital in Henderson, Kentucky, also was the victim of an attack.  The attack lasted five days, but Methodist eventually was able to regain control of its computer systems without paying the ransom demand. More recently, MedStar Health, Inc., which serves more than 4.5 million patients in Maryland and Washington, D.C., was attacked on Monday of this week. The FBI is investigating this continuing attack, which shutdown computer access for patients and medical staff at all 10 of the hospitals and dozens of the outpatient clinics MedStar operates. Although MedStar is not commenting on the nature of the attack, reports on Wednesday noted that the hackers who locked the data are demanding a ransom to release it.  As of Wednesday, MedStar stated that it has partially restored the affected systems, and is diligently working to restore the rest.
While one or two ransomware attacks could be considered a fluke, this string of ongoing attacks makes clear that health care organizations are now a prime target for cybercriminals. Health care providers should review their existing cybersecurity policies and procedures and take proactive steps to ensure that they are not especially vulnerable to potential attacks. Arent Fox’s Health Care group and Cybersecurity & Data Protection group continuously monitor issues affecting cybersecurity in the health care industry and advise clients on steps they can take to protect themselves from potential threats as well as appropriately respond to an actual attack.

If you have any questions or need assistance on the topic covered here, please contact Alex Manning, the former Staff Director of the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the House Committee on Homeland Security, Samuel Cohen, Douglas Grimm, or Stephanie Trunk in our Washington, DC office, Sarah Bruno or Jade Kelly in our San Francisco office, Tom Jeffry or Lowell Brown in our Los Angeles office, or the Arent Fox professional who normally handles your matters.