A sophisticated ransomware attack on MedStar National Health System has compromised the personal and medical records of 14 million patients across its 31-hospital network, making it the largest healthcare data breach in US history.
Attack Details
The threat actor, identified as the BlackSuit ransomware group, exploited an unpatched vulnerability in MedStar's Citrix remote access gateway to gain initial network access in late February.
- Exfiltrated data includes names, SSNs, insurance IDs, medical diagnoses, and prescription histories
- Attackers spent 23 days inside the network before deploying ransomware
- $40 million ransom demanded in Bitcoin; MedStar has not disclosed whether payment was made
- Multiple hospitals reverted to paper records for 11 days during recovery
Patient Impact
MedStar is offering 24 months of free credit monitoring and identity theft protection to all affected patients. The HHS Office for Civil Rights has opened a HIPAA investigation, with potential penalties reaching $1.9 million per violation category.
