This week’s ransomware attack on a California-based health care system forced some of its locations to close and left others to rely on paper records.
the system, Prospect Medical Holdingswhich operates 16 hospitals and more than 165 clinics and outpatient centers in Connecticut, Pennsylvania, Rhode Island and Southern California, announced the cyberattack on Thursday.
A Prospect Medical spokesman could not estimate Saturday when services would return to normal. It was not immediately clear how many of the system’s sites were affected.
On its websiteEastern Connecticut Health Network, an affiliate of Prospect Medical, listed locations that will be closed until further notice, including a medical imaging center, an urgent care facility and an outpatient blood-draw center, among others.
CharterCARE Health Partners, a Rhode Island affiliate, said on Facebook Thursday that it had to reschedule some of its appointments and go back to paper records. The Philadelphia Inquirer reported that computers are also down at Crozer Health facilities in Delaware County.
“Prospect Medical Holdings, Inc. recently experienced a data security incident that disrupted our operations,” the company said in a statement Saturday. “Upon learning this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists.”
The company said it is focused on “meeting the basic needs of our patients as we work diligently to return to normal operations as soon as possible.”
It did not provide details on the nature of the security breach.
Waterbury Hospital, in Waterbury, Conn., said Saturday that it continues to experience disruptions. It also said some of its outpatient and diagnostic imaging services were unavailable Friday or Saturday. On Thursday, it said it relies on paper records.
Cyberattacks on hospitals have become more common, said John Riggi, national adviser for cybersecurity and risk at the American Hospital Association.
In 2022, One Brooklyn Health, a hospital group serving low-income neighborhoods in New York, was hit by a cyberattack that also forced staff members to use paper records. Employees at the time said it was a learning curve, as most hospitals have been using electronic records since the 1990s and some diagnostic test results were coming in more slowly because of the cyberattack.
CommonSpirit Health, which has more than 140 hospitals and more than 700 care sites nationwide, was the target of a cyberattack last year that led to postponed surgeries, doctor visits and other delays in care, NBC reported. And in 2020, Russian hackers launched a ransomware attack on United Health Services, which has at least 400 facilitiesmaking it the largest attack of its kind at the time.
Cyberattacks are becoming more frequent, in part because the coronavirus pandemic has brought more health care services online, Mr. Riggi said.
“We rely more on cloud-based services, remote third parties,” Mr. Riggi said. “So all of these things are done with good intentions – ultimately to improve patient care and save lives. But the unintended consequence of this is that it greatly expands our digital attack surface.”
Hospitals and clinics typically use third parties to write code and develop technology for these systems, so these third parties need to deliver secure technology, he said.