Site Map Icon
RSS Feed icon
CWA Local 2336
September 28, 2021
Member Login


Not registered yet?
Click Here to sign-up

Forgot Your Login?
Sandra Theresa Lindsey, a retired Verizon employee passed away on August 27, 2021.  Mrs. Lindsey worked at Verizon until she retired.  The service was held on Tuesday, September 14, 2021 at The New Macedonia Baptist Church, 4115 Alabama Avenue, SE, Washington, DC.  The wake was from 10:00-11:00am and the service was at 11:00am.  If you would like to send flowers, share a memory or read the obituary, go to  Please keep the family in prayer.
RED on Thursdays

Why Wear RED on Thursdays? 

Click here

Weingarten Rights
"If the discussion I am being asked to enter could in any way lead to my discipline or termination or impact my personal working conditions, I ask that a union steward, representative or officer be present.  Unless I have this union representation, I respectfully choose not to participate in this discussion."
<< September 2021 >>
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30
Events Calendar image
Events Calendar
Message Board image
Message Board
Classified Ads image
Classified Ads
Downloads image
News Feeds image
News Feeds
Photo Gallery image
Photo Gallery
Weather Report
UnionActive Newswire
Join the Newswire!
Updated: Sep. 28 (11:00)

Jennifer Abruzzo, the NLRB’s General Counsel, Is Labor’s Best Legal Friend
Teamsters Local 355
Local 33 Call Steward letter to the Membership
IATSE Local 33
Annual Leave Exchange
Iowa Postal Workers Union
Leave Carry Over
Iowa Postal Workers Union
Blood Drive at Westside Regional Command Center
El Paso Municipal Police Officers' Association
Retirement Counseling
Charlotte Area Local APWU
Action Center
MedStar hack shows risks that come with electronic health records
Updated On: Sep 07, 2020

Spurred on by the federal government, hospitals in Maryland have moved quickly in recent years to roll out electronic medical records.

The benefits are many. Electronic medical records can help patients avoid unnecessary tests. They help doctors tailor treatment even for patients they are meeting for the first time. With more information on hand, everyone can make better decisions.

But as the attack last week on computer networks at MedStar Health hospitals in Maryland and the District of Columbia demonstrated, the new systems can leave hospitals vulnerable.

After unidentified hackers encrypted hospital data, staff members, patients and family members reported delays in service and confusion in treatment. Some cancer patients were unable to get radiation treatment for several days.

For all the enthusiasm about adopting electronic medical records, security remains a concern. The primary worry has been that hackers could steal patients' information to enable identity theft. But recent attacks have demonstrated the threat of ransomware, in which hackers deny access to data rather than stealing it.

In the MedStar attack, as has been the case with other health care providers, the hackers demanded payment in the difficult-to-trace digital currency bitcoin in exchange for the digital keys to unlock the encrypted data, according to copies of the ransom note obtained by The Baltimore Sun.

MedStar declined to make anyone available for an interview about the attack or its response, but issued a page-long statement in response to detailed questions faxed by The Sun.

"With only a few exceptions, handled on a case-by-case basis, care continued throughout this situation and has been provided to thousands of patients during the past five days," the nonprofit health care system said.

"MedStar's priority throughout this attack remains focused on providing high quality, safe care for patients and continuing to meet the care needs of the community."

Hospitals in California and Kentucky also have fallen prey to recent ransomware attacks.

Despite widespread media coverage of those incidents, analyst Ted Harrington said, many health care organizations still have only a vague understanding of the range of threats they face.

Harrington's Baltimore-based Independent Security Evaluators recently completed a two-year study of the digital threats to hospitals.

"Most health care organizations have not up to this point been adequately considering denial of service," he said, using the phrase for attacks that focus on shutting down a target's systems.

It is also not clear that the laws that require businesses to notify their customers and the public when hackers steal data apply when files are locked up but not stolen. Federal and Maryland laws describe a breach as when information is taken out of a computer system.

Jeffrey L. Karberg, who handles identity theft at the Office of the Maryland Attorney General, said the question revolves around the use of the word "acquire" in the laws.

"If I've just taken your house key and am willing to sell it back, have I acquired your house?" he asked.

The attack on MedStar, which operates 10 hospitals in the region, including Union Memorial, Harbor, Franklin Square and Good Samaritan, brought the computer systems of one of the region's largest health care providers to a halt at the beginning of the workweek.

MedStar opened command centers to deal with the crisis, it said in its statement. Information technology teams worked to identify the malware and moved to block it. The health system said it would not discuss the malware details, the attack or the attackers, but did say it had not paid any ransom.

"Additional media coverage featuring criminal acts — offenses against the public that are punishable — perpetuates the infamy of malicious attacks for airtime and publicity," MedStar said.

By Friday, MedStar said, 90 percent of its systems were back up and running. It said a close-to-normal number of patients had passed through the doors of its facilities during the outages.

Health care executives and regulators say their increasing reliance on computer networks and electronic patient data have brought new challenges.

Sharon Boston, a spokeswoman for LifeBridge Health, said the corporation takes information security seriously and works to adapt to new threats as they arise. LifeBridge operates Sinai, Northwest and Carroll hospitals in the Baltimore region.

"The use of the electronic medical record across the health care industry is broader and deeper than it has ever been, and will continue to grow," Boston said. "With the evolving nature of these electronic threats, LifeBridge Health continually monitors the safety and potential vulnerability of our information systems and takes appropriate action."

Ben Steffen, executive director of the Maryland Health Care Commission, said electronic medical records are still new and have vulnerabilities, but they benefit patient care.

"Certainly, we are still in the midst of introducing and spreading electronic medical records," Steffen said. "We're still at version one in this cycle, and making the systems more secure is one of the more important challenges moving ahead."

Nationally, about 80 percent of doctors now report using electronic records, up from less than 20 percent in 2001. While those figures do not tell the whole story — many practices mix paper and electronic records, and some electronic records are merely scans of papers — they are now considered mainstream.

Hospitals use a variety of measures to prevent hacks and keep patient information safe, said David Sharp, the director of the state's Center for Health Information Technology and Innovative Care Delivery, part of the Maryland Health Care Commission.

Hospitals conduct manual cybersecurity tests, Sharp said, and scan continuously for new viruses.

Chief information officers meet regularly with state officials. After the MedStar hack, Sharp said, the commission plans to hold those meetings more often.

"Hospitals are doing what they should do," he said. "It is unfortunate cyberattacks occur, but no industry is immune."

That's true — every industry faces computer security challenges, and businesses in almost every sector have been targeted by hackers — but analysts say health care organizations face particular difficulties.

Tenable Network Security, which conducted a survey of several industries last year, ranked health care companies' computer security as below average.

"Health care in general has not had a very good track record with information security overall," said Cris Thomas, a strategist at the Columbia-based firm.

Many medical devices are now connected to the Internet, creating another vulnerability in hospital networks. In some cases, security fixes to the devices can be applied only by their vendors' technicians.

There are signs that MedStar could have done more to withstand or even ward off an attack, some analysts say.

Many forms of ransomware require tricking a user into opening a file to begin an infection. The best defense is training employees — but even then, there is no guarantee that a craftily worded email from a hacker won't con a staff member.

The tool used to attack MedStar, according to details of the ransom note and a website to which the hackers directed MedStar, was Samsam, a different kind that preys on weaknesses in a particular piece of software.

It is dangerous because it can be slipped into a network at any time of day or night and spreads quickly. But the defense against it is easier: Install updates that fix the weaknesses.

"From a resolution standpoint, this is a really easy-to-solve problem," said Craig Williams, an analyst at Cisco's Talos who has been tracking the use of Samsam.

The tool is new — it first appeared in December — but private security companies and the FBI have been warning about it, and the weaknesses it exploits are widely known.

By Monday morning, when MedStar discovered what it called a virus in its systems, it was too late to take those steps. Instead, the company's response was to pull everything offline.

MedStar called the decision "courageous and mission-critical." The health system said law enforcement and cybersecurity experts praised the move as "a critical component in the resulting recovery time."

But security analysts who spoke to The Sun have questioned the move, which they called an extreme measure that harked back to the responses of the 1990s.

"It sounds to me sort of like a panic mode," Thomas said. "Disconnecting and unplugging sort of works, but it's not a viable solution these days."

The outage left doctors and nurses relying on older techniques to move information. Paper records stacked up on desks, and fax machines were pressed into service.

One doctor said a little beeping device that is practically an antique in the wider world but still common in hospitals proved invaluable.

It's called a pager.

Copyright © 2016, The Baltimore Sun

Organize Today
Learn more about organizing your workplace!

Click Here
CWA Economic Justice and Democracy

Act Now!

Tell Congress to pass Paid Sick and Family Leave for ALL workers NOW!  To complete the form, click here.

We need Protective Equipment Now - Healthcare and other essential workers are on the front line of the COVID-19 crisis.  You can take action by signing the petition, click here.

Contact Elected Officials!
Important Links
CWA District 2-13
National AFL-CIO
Union Plus
Union Built PC
Newsletter Sign-up
Sign-up for newsletter & email updates
Blog Topics
Communications Workers of America Local 2336
Copyright © 2021, All Rights Reserved.
Powered By UnionActive™

Top of Page image