A California-based health care provider’s computer systems were attacked by cybercriminals, resulting in the closure of emergency facilities in multiple states and the redistribution of ambulance services.
The target of the ransomware attack was Prospect Medical Holdings, which manages hospitals and facilities in Connecticut, Pennsylvania, Rhode Island, and Texas. Prospect Medical is investigating the cause of the breach and working to resolve the issue, according to a statement issued on Friday by the company.
“Prospect Medical Holdings, Inc. recently experienced a data security incident that has disrupted our operations,” the company stated in a statement. “Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”
Friday night, the FBI announced that it has also launched an investigation into the security compromise.
The majority of Crozer-Chester Medical System’s computers are inoperable, according to officials from the Pennsylvania Association of Staff Nurses and Allied Professionals, the nurses’ union at Crozer-Chester Medical System in Springfield. As a result, the facility has reverted to a paper system. According to the labor organization, it is unlikely that the systems will be operational within the following week.
A law enforcement official told CBS News that the Roger Williams Medical Center and Our Lady of Fatima hospitals in Rhode Island were also affected.
Healthcare Sector Remains Prime Target for Cyberattacks, Costing Billions in Damages
According to IBM’s annual report on data intrusions, the healthcare industry continues to be the top target for cyberattacks in the year ending in March. For the thirteenth consecutive year, this industry reported the most expensive data intrusions, averaging $11 million per incident. This is nearly double the average cost of a data compromise in the second-largest industry, finance, which averages $5.9 million per incident.
John Riggi, the senior cybersecurity counsel for the American Hospital Association, stated that the recovery process can often take weeks, with hospitals reverting to paper systems and humans to monitor equipment or transfer records between facilities.
Thursday’s data intrusion forced Manchester Memorial and Rockville General emergency departments in Connecticut to close. Officials at the hospital referred patients to adjacent medical facilities. According to the company’s website, all Prospect Medical-owned health care facilities “are experiencing IT complications” and a number of services, including elective surgeries and urgent care, have been halted. In addition, services for podiatry, wound care, women’s health, and gastroenterology have been suspended.
In Pennsylvania, Crozer Health facilities including the Crozer-Chester Medical Center in Upland and Taylor Hospital in Ridley Park were affected by the attack. Last year, Crozer shut down vital health care services, including emergency services, at Springfield Hospital and Delaware County Memorial Hospital, according to the Delaware County website.
Source: CBS News