Cybercriminals targeted the computer systems of a health care provider based in California, resulting in the closure of emergency rooms in several states and redirection of ambulance services.
The attack, which involved ransomware, occurred at Prospect Medical Holdings of Los Angeles, which operates hospitals and clinics in Connecticut, Pennsylvania, Rhode Island, and Texas. The company is currently investigating the breach and working to resolve the issue, according to a statement released on Friday.
“Prospect Medical Holdings, Inc. recently experienced a data security incident that has disrupted our operations,” said the company in the statement. “Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”
The Federal Bureau of Investigation (FBI) has also initiated an investigation into the breach, as stated in a late Friday announcement.
“We continue to encourage anyone who thinks they are a victim of this incident to report to ic3.gov or your local FBI field office,” the agency said.
Crozer-Chester Medical System in Springfield, Pennsylvania, has reverted to using paper systems because most of their computers are offline. It is unlikely that the computers will be back online until next week, according to the Pennsylvania Association of Staff Nurses and Allied Professionals.
Two hospitals in Rhode Island, Roger Williams Medical Center and Our Lady of Fatima, were also affected by the attack, according to a law enforcement official.
Globally, the healthcare industry has remained the most targeted sector for cyberattacks in the period ending in March, according to IBM’s annual report on data breaches. This sector has reported the most expensive breaches for 13 consecutive years, with an average of $11 million per breach. The second-largest sector, finance, had an average impact of $5.9 million per breach, nearly half of the healthcare sector’s.
John Riggi, the senior cybersecurity advisor for the American Hospital Association, stated that the recovery process can often take weeks, with hospitals relying on paper systems and human monitoring of equipment and records between departments.
Elective surgeries, urgent care centers closed
The data breach has resulted in the closure of emergency departments at Manchester Memorial and Rockville General in Connecticut. Patients are being redirected to nearby medical centers. Prospect Medical-owned healthcare facilities are experiencing IT complications, and many services, including elective surgeries and urgent care, have been shut down.
“Our computer systems are down with the outage affecting all Waterbury Health inpatient and outpatient operations,” posted Prospect Medical’s hospital in Waterbury, Connecticut, on Facebook. “We are in the process of reevaluating our downtime capabilities and may reschedule some appointments. Affected patients will be contacted.”
In Pennsylvania, the attack affected services at Crozer Health facilities, including Crozer-Chester Medical Center and Taylor Hospital. Last year, Crozer closed vital healthcare services, including emergency services at Springfield Hospital and Delaware County Memorial Hospital, according to the Delaware County website.
— The Associated Press contributed to this report
