SUMMARY
Medstar Health was the target of ransomware attack in 2016. The attack impacted the provision of healthcare services to the patient. Medstar opted not to pay the ransom and, instead, responded by shutting down its electronic medical record (EMR) systems and restoring the data from the backups. The paper analyzes the event, Medstar’s response and its negligent behavior that allowed the vulnerability to be exploited. The author provides an ethical position statement and recommendation to reduce the chances of any future attacks.