The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Ransomware Attack on Prospect Medical Holdings Affects Facilities in Multiple States

Posted By on Aug 7, 2023

Prospect Medical Holdings, a Los Angeles, CA-based health system that operates 17 hospitals and 166 outpatient clinics in California, Connecticut, Pennsylvania, Rhode Island, and New Jersey has been hit with a ransomware attack that has disrupted operations across its network, including operations at its subsidiaries Crozer Health and the Eastern Connecticut Health Network (ECHN).

Prospect Medical Holdings said steps were immediately taken to prevent further unauthorized access and several IT systems were taken offline to protect those systems. Third-party cybersecurity specialists were engaged to investigate and determine the scope of the breach and the ransomware attack was reported to the Federal Bureau of Investigation (FBI), which has launched an investigation. The Department of Health and Human Services has offered federal assistance and said it is able to provide support, as needed, to prevent disruption to patient care.

Without access to IT systems, ambulances were diverted to other facilities in the immediate aftermath of the attack, and employees at the affected healthcare facilities adopted their emergency downtime procedures and reverted to using paper records.  ECHN said it took the decision to temporarily close some of its facilities including diagnostic labs, elective surgery, and gastroenterology centers, and halted outpatient medical imaging, blood draw, and physical therapy services and is contacting patients to reschedule appointments.

The attack began on Thursday and efforts are still underway to restore its systems and return to normal operations. A spokesperson for Prospect Medical Holdings said, “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.” At such an early stage of the investigation, the extent to which patient information was compromised has yet to be determined. It is currently unclear which ransomware group was behind the attack.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Update: Notifications were mailed to affected individuals in September and November. Further information can be found in this post.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist