What just happened? All ransomware attacks are bad, but none are as insidious as those that could cost lives by targeting healthcare facilities. The FBI is investigating an incident last week that impacted the systems of a California-based provider, leading to emergency rooms across several states being shut down and ambulances being diverted to other hospitals.
The Guardian reports that the incident began on Thursday at the Los Angeles facilities of Prospect Medical Holdings, which has hospitals and clinics in California, Texas, Connecticut, Rhode Island, and Pennsylvania.
The company said it took its systems offline upon learning of the attack to protect them and launched an investigation with the help of third-party cybersecurity specialists. The FBI confirmed it had also launched an investigation, and the White House said it was monitoring the attack.
"While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible," Prospect Medical Holdings wrote in a statement.
CBS News reported that the Crozer-Chester Medical System (CCMS) in Springfield, Pennsylvania reverted to paper records after most of its computers went offline; they're not expected to be ready for use again until sometime this week. This is something we've seen several times in the past after hospitals have been hit with ransomware, including when the Hancock Regional Hospital in the state of Indiana was attacked in 2018.
Law enforcement said Roger Williams Medical Center and Our Lady of Fatima in Rhode Island were also impacted by the attack. The Eastern Connecticut Health Network (ECHN) said some of its locations were affected and it would contact patients whose appointments may be changed. The ECHN website states that all elective surgery, outpatient medical imaging, outpatient blood draw, urgent care, and its wound center are closed until further notice.
According to IBM's report on data breaches, the healthcare industry has reported the most expensive breaches of any field for the 13th consecutive year, averaging $11 million each. That's almost double the $5.9 million each from the second-place finance sector.
In 2020 at the height of the pandemic, the FBI warned of a massive ransomware campaign that was targeting US hospitals.
A survey in 2021 showed that almost three-quarters of healthcare facilities said patients had longer stays as a result of ransomware attacks on the facilities. The incidents also caused delays and errors in test results, patients needing to be transferred elsewhere, and increased complications from medical procedures and higher mortality rates.
