Cyber Incident Victim: MedStar911
Date:
Oct 2022
Location:
United States of America
Summary
A cyberattack disrupted computer-aided dispatch and patient care reporting systems for a North Texas emergency medical services provider, forcing temporary manual radio dispatching while systems underwent security remediation. The organization detected the network intrusion in the morning, prompting diligent scrubbing and gradual restoration of services, with partial functionality returning by evening. Despite operational disruptions, emergency medical services remained uninterrupted throughout the incident. Officials found no evidence of compromised patient data or 911 records during the attack response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 20, 2022, MedStar, a 911 emergency medical services provider in Tarrant County, Texas, experienced a cyberattack disrupting its computer-aided dispatch and patient care reporting systems. The organization detected unauthorized activity on its computer network that morning, prompting immediate operational changes. MedStar spokesperson Matt Zavadsky confirmed technicians began diligently scrubbing affected systems and methodically restoring them to service following security protocols. While emergency medical services continued without interruption, dispatchers temporarily shifted to manual radio-based dispatching as a precautionary measure until cybersecurity teams could verify system integrity. This manual workaround maintained response capabilities but represented a procedural downgrade from automated processes.
By 6 p.m. on the same day, MedStar reported gradual restoration progress, with systems slowly coming back online under controlled conditions. Officials anticipated resuming computer-aided dispatching operations imminently and committed to updating regional 911 partners as recovery advanced. The organization conducted ongoing assessments but found no evidence suggesting compromise of patient medical records or 911 call data during the incident. No ransomware claims or specific threat actor details were disclosed publicly. MedStar's response focused on systematic recovery rather than attributing blame or detailing attack vectors, maintaining operational continuity while prioritizing system security before full restoration.