Ransomware Attack on Prospect Medical Holdings Affects Facilities in Multiple States
Prospect Medical Holdings, a Los Angeles, CA-based health system that operates 17 hospitals and 166 outpatient clinics in California, Connecticut, Pennsylvania, Rhode Island, and New Jersey has been hit with a ransomware attack that has disrupted operations across its network, including operations at its subsidiaries Crozer Health and the Eastern Connecticut Health Network (ECHN).
Prospect Medical Holdings said steps were immediately taken to prevent further unauthorized access and several IT systems were taken offline to protect those systems. Third-party cybersecurity specialists were engaged to investigate and determine the scope of the breach and the ransomware attack was reported to the Federal Bureau of Investigation (FBI), which has launched an investigation. The Department of Health and Human Services has offered federal assistance and said it is able to provide support, as needed, to prevent disruption to patient care.
Without access to IT systems, ambulances were diverted to other facilities in the immediate aftermath of the attack, and employees at the affected healthcare facilities adopted their emergency downtime procedures and reverted to using paper records. ECHN said it took the decision to temporarily close some of its facilities including diagnostic labs, elective surgery, and gastroenterology centers, and halted outpatient medical imaging, blood draw, and physical therapy services and is contacting patients to reschedule appointments.
The attack began on Thursday and efforts are still underway to restore its systems and return to normal operations. A spokesperson for Prospect Medical Holdings said, “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.” At such an early stage of the investigation, the extent to which patient information was compromised has yet to be determined. It is currently unclear which ransomware group was behind the attack.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Update: Notifications were mailed to affected individuals in September and November. Further information can be found in this post.