On Thursday, a cyberattack disrupted hospital computer systems in many states, forcing the shutdown of emergency departments and the redirection of ambulances. On Friday, many primary care services remained closed while security specialists worked to identify the scope of the problem and find a remedy.
Prospect Medical Holdings, a Los Angeles-based healthcare company with hospitals, clinics, and outpatient facilities throughout Texas, Connecticut, Rhode Island, Pennsylvania, and Southern California, was the target of the attack.
According to John Riggi, the American Hospital Association’s national counsel for cybersecurity and risk, recovery can take weeks. In the interim, hospitals must rely on paper systems and humans to perform duties such as equipment monitoring and record transferring across departments.
“These are threat-to-life crimes, which risk not only the safety of the patients within the hospital, but also risk the safety of the entire community that depends on the availability of that emergency department to be there,” Riggi added.
Prospect Medical Holdings has 16 hospitals and a network of over 165 outpatient facilities and clinics in the affected areas.
- Bellflower Behavioral Health Hospital
- Foothill Regional Medical Center
- Los Angeles Community Hospital
- Norwalk Community Hospital
- Southern California Hospital at Culver City
- Southern California Hospital at Hollywood
- Van Nuys Behavioral Health Hospital
- Eastern Connecticut Health System
- Waterbury Health
- (ECHN and Waterbury HEALTH are part of Prospect Medical Holdings, which serves 19 towns in eastern Connecticut, including Manchester Memorial Hospital and Rockville General Hospital.)
- Crozer Health
Rhode Island Hospitals
- CharterCARE Health Partners
In a statement, Prospect Medical Holdings acknowledged the issue, saying, “Prospect Medical Holdings, Inc. recently experienced a data security incident that has disrupted every Prospect Medical Holdings hospital in the country. Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists.”
“While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible. We understand the frustration this incident has caused. We ask for your patience as we continue to work with our teams,” it added.
Emergency rooms have been forced to close as a result of the incident, and ambulances have been rerouted to other places. Other healthcare facilities are bearing the brunt of this unexpected interruption, which may result in delays in vital patient care.
The perpetrators of this breach have yet to be identified.
The FBI field office in Connecticut published a statement saying they are aiding “law enforcement partners and victim entities,” but they are unable to share any other information regarding the investigation at this time.
“We are working closely with law enforcement partners and the victim entities to address the issues,” said Robert Fuller, special agent in charge of the New Haven Field Office of the FBI per WTNH.
“At this time there is no further information we can share as this is an ongoing investigation. If and when information can be shared we will do so,” he added.