Healthcare services in several areas were forced to close their A&E departments and suspend certain procedures due to a ransomware attack on Prospect Medical Holdings (PMH), a California-based umbrella organisation for these businesses.
According to local media sources, the data security breach began on August 3rd. Prospect Medical Holdings (PMH), which is in charge of managing 16 hospitals spread across the states of California, Connecticut, Pennsylvania, and Rhode Island as well as a network of 166 outpatient clinics and centres, has had significant issues at all of its hospital sites.
According to PMH Statement:
Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.
The PMH attack forced Connecticut’s hospital systems to temporarily stop operations and divert patients. This situation has prompted the intervention of the FBI’s Connecticut division for investigation. Initially, it was difficult to determine how many locations in the system were compromised.
The affiliate of Prospect Medical, Eastern Connecticut Health Network, mentioned the shutdown of several facilities. These include a medical imaging centre, an urgent care facility, a facility for outpatient blood draws, and other services.
On Saturday, the Waterbury Hospital in Waterbury, reported that there were still issues. Additionally, the hospital reported that a few outpatient and medical imaging services were unavailable. Waterbury posted on Facebook that they need to reschedule certain appointments and go back to relying on paperwork.
Meanwhile, ransomware breaches in Pennsylvania disrupted network systems at Crozer Health, a large health care consortium situated in Delaware County, PA. Delaware County Memorial Hospital, which confirmed its offline status on its website, has temporarily ceased operations.
The effects of the attack have expanded to other hospitals, including Crozer-Chester Medical Centre, Taylor Hospital, and Springfield Hospital. In addition to these four hospitals, the Crozer Health network includes seven additional outpatient and surgical centres, the state of which is unclear. The effect on PHM-owned hospitals in California, Rhode Island, and New Jersey is likewise unknown currently.
The FBI has disclosed that it is actively investigating the ransomware attack. However, owing to the nature of the ongoing inquiry, they are currently unable to provide more details. As of now, no specific ransomware group has claimed responsibility for the attack.
The severity of ransomware attacks on hospitals and health systems has dramatically increased. As a result, the Department of Health and Human Services has published a report to counter certain ransomware groups that often target health care services.
The health care industry has been dealing with cybercrime and data breaches for a considerable amount of time. It is clear that between 2010 and 2022, vulnerabilities in health care data security might have led to the compromise of 385 million patient information.
The technology for these systems is often written by third parties on which hospitals and clinics rely. It’s essential that these outside parties offer technology that is heavily focused on security.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.