Recent events have once again spotlighted the vulnerability of healthcare infrastructure to cyber threats, with several hospitals and outpatient treatment facilities across three states still grappling with a ransomware attack that took place last week. The attack targeted Prospect Medical Holdings, a Los Angeles-based healthcare organization that oversees 16 hospitals and 165 outpatient facilities scattered across California, Texas, Pennsylvania, Connecticut and Rhode Island.
These facilities —including Eastern Connecticut Health Network (ECHN), Connecticut’s Waterbury HEALTH, Pennsylvania’s Crozer Health, and Rhode Island’s CharterCare — had to take their systems offline as a defensive measure against the attack, necessitating a temporary return to manual paper-based record keeping. A statement from Prospect reveals that, although an investigation with third-party cybersecurity experts is underway, the main focus is to address patient needs as work to restore normal operations continues. You can read the full statement here.
In the wake of the attack, emergency rooms under the Prospect umbrella had to close, and some ambulances were rerouted. For instance, the emergency departments at Connecticut’s Manchester Memorial Hospital and Rockville General Hospital were not operational for several hours, leading to patients being sent to nearby emergency care providers. Although these emergency departments have since resumed operations, a host of services such as elective surgeries, gastroenterology procedures, outpatient blood draws, outpatient physical therapy, and outpatient medical imaging remain temporarily halted, as outlined on ECHN’s website.
A similar situation also occurred at Crozer Health’s hospitals where ambulances for stroke and trauma patients had to be diverted. Currently, the healthcare provider’s 45-bed hospital located in Drexel Hill, Pennsylvania, remains closed. More information on the situation can be found here.
Waterbury HEALTH in Connecticut also continues to reckon with system downtime that impedes its ability to offer comprehensive medical services. Several imaging facilities and rehab centers under the health system will stay closed through Monday, as noted in a recent update on the health system’s Facebook page.
While the cyber-incident involving Prospect is concerning, it unfortunately does not stand alone. Healthcare facilities spanning various states have suffered similar threats this year, such as the data breach experienced by HCA Healthcare last month that affected 1,038 hospitals and physician clinics across 20 states, and a cyberattack aimed at Community Health Systems in January that compromised protected health-related information for approximately 1.2 million patients.
This series of attacks underscores an urgent need for all healthcare facilities, across all states, to prioritize cybersecurity strategies and safeguard their critical IT infrastructure from the potential damage caused by cyberattacks.