An anonymous reader writes: IT staff at multiple hospitals have been forced to stop all routine and net new operations and perform an all hands on deck emergency malware control effort in the last several weeks. The latest instance of this can be seen at MedStar Hospital. From a ZDNet report, "Malware has infected the computer network of MedStar Health, forcing the healthcare provider to shut down large portions of its electronic operations. A statement by the health system said that all facilities remain open, and that there was "no evidence of compromised information." The not-for-profit healthcare system operates ten hospitals across the Washington and Baltimore region, with more than a hundred outpatient health facilities. According to the system's website, it has more than 31,000 employees and serves hundreds of thousands of patients annually." This outbreak appears to be fairly widespread and not limited to the single story listed. A similar story appeared on Slashdot several weeks ago and a quick search on Google provides multiple hits that indicate that this type of incident is much more commonplace than I would have believed. Hospitals provide round the clock service to patients and many of these services are critical to the health of the hospital clients. Most hospitals invest significant resources into security. Vendors may limit local IT staff in terms of how well a turnkey solution is designed to prevent infection. In short, hospital IT staff seem to be in the position of having to respond to rather than prevent these types of incidents. IT analysts predicted that 2015 would be the year that hospitals became targets for hackers. It appears that 2015 was just the first wave of the potential storm coming that is headed directly towards our healthcare IT infrastructure. How can hospitals guard themselves against these attacks when perpetrators can adapt almost instantly to new security measures while hospitals are constrained by operating concerns?