Ransomware Attack on Medstar: Ethical Position statement

Main Article Content

Najam Ul Hassan


Medstar Health was the target of ransomware attack in 2016. The attack impacted the provision of healthcare services to the patient. Medstar opted not to pay the ransom and, instead, responded by shutting down its electronic medical record (EMR) systems and restoring the data from the backups. The paper analyzes the event, Medstar’s response and its negligent behavior that allowed the vulnerability to be exploited. The author provides an ethical position statement and recommendation to reduce the chances of any future attacks.


Download data is not yet available.

Article Details

Hassan, N. U. (2018). Ransomware Attack on Medstar: Ethical Position statement. SEISENSE Journal of Management, 1(4), 29-31. https://doi.org/10.5281/zenodo.1435408
Research Articles

Copyright (c) 2018 Najam Ul Hassan

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Najam Ul Hassan, University of Maryland University College, USA

The author has over two decades of IT experience and is a professional IT project management consultant at an international IT consulting firm and an adjunct associate professor of cybersecurity at a state university. He has masters in computer science, business administration, and international management and he is working on his Ph.D. in business analytics and decision sciences.

Abdollah, T. (2016, April 5). Hackers broke into hospitals despite software flaw warnings. The Associated Press. Retrieved from https://apnews.com/86401c5c2f7e43b79d7decb04a0022b4/hackers-broke-hospitals-despite-software-flaw-warnings

Cox, J. W. (2016, March 29). MedStar Health Turns Away Patients After Likely Ransomware Cyberattack. The Washington Post. Retrieved from https://www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html?noredirect=on&utm_term=.b8eec6f84dc1

Iovan, S., & Iovan, A. (2016). From Cyber Threats To Cyber-Crime. Journal of Information Systems & Operations Management, 425-434. Retrieved from https://search.proquest.com/docview/1861345731?accountid=44888

LaPointe, J. (2016, April 7). MedStar Ransomware Attack Caused by Known Security Flaw. Health IT Security. Retrieved from https://healthitsecurity.com/news/medstar-ransomware-attack-caused-by-known-security-flaw

McCarthy, J. (2016, April 4). MedStar Attack Found to be Ransomware, Hackers Demand Bitcoin. Health IT News. Retrieved from http://www.healthcareitnews.com/news/medstar-attack-found-be-ransomware-hackers-demand-bitcoin

MedStar Health. (n.d.). Retrieved from https://www.medstarhealth.org/

Neal, P., & Ilsever, J. (2016). Protecting Information: Active Cyber Defence For The Business Entity: A Prerequisite Corporate Policy. Academy of Strategic Management Journal, 15(2), 15-35. Retrieved from https://search.proquest.com/docview/1826881224?accountid=44888

Reed, T. (2016, July 6). MedStar Official on Cyberattack: 'We Chose by Design not to Pay the Ransomware'. Washington Business Journal. Retrieved from https://www.bizjournals.com/washington/news/2016/07/06/medstar-official-on-ransomware-attack-we-chose-by.html

Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10-21,101. Retrieved from https://search.proquest.com/docview/1881414570?accountid=44888

Sabillon, R., Cano, J., Cavaller, V., & Serra, J. (2016). Cybercrime and cybercriminals: A comprehensive study. International Journal of Computer Networks and Communications Security, 4(6), 165-176. Retrieved from https://search.proquest.com/docview/1874038161?accountid=44888