A massive cyber attack shut down hospitals and other medical facilities in at least four states.
The attack disrupted the computer systems at Prospect Medical Holdings, which is based in California but has facilities in Connecticut, Rhode Island, and Texas. In some cases, ambulances had to relocate patients to unaffected hospitals in the area. Clinics canceled elective surgeries and outpatient procedures as the hospitals began recovering from the attack. ER services reopened Thursday evening, though other services are still down or operating at a lesser capacity than before.
Sorting through the effects of the attack will take weeks, John Riggi, from the American Hospital Association’s national advisory for cybersecurity and risk, told the Associated Press. He deems these types of attacks a “threat-to-life crime.”
Adrienne Watson, a spokesperson for the National Security Council, said the Department of Health and Human Services is offering federal assistance to Prospect hospitals, according to the AP.
Cyber attacks have increasingly hit the medical profession, taking valuable time and resources away from patient care. Cybercriminals often take personal and HIPAA-protected information such as patient records, social security numbers, addresses, research data, and payment information. Scammers can use this information for identity fraud or against patients and staff.
The HIPAA Journal lists May as one of the worst months ever for hospital breaches, with a 330% month-over-month increase. That’s 19 million breaches in one month, over twice as many seen in previous months going back two years.
In other cases, scammers often steal or freeze hospital records and systems, demanding a ransom for restoring the information. The malicious software used to shut down systems is often referred to as ransomware.
The FBI and other law enforcement agencies recommend against paying the ransom since there isn’t a guarantee the systems will be restored, and offering the funds encourages the scammers to hit another target.
The FBI is working with medical facilities to add extra protections and safeguards to protect sensitive information from ransomware attacks.