A ransomware attack against Prospect Medical Holdings disrupted healthcare services across multiple states last week, prompting multiple hospital closures as response and recovery efforts are underway.
“Prospect Medical Holdings recently experienced a data security incident that has disrupted our operations,” the healthcare provider said Friday in a statement. The California-based company operates 16 hospitals and more than 165 clinics and outpatient facilities in California, Connecticut, Pennsylvania and Rhode Island.
The hospital chain initially took its systems offline Tuesday after it discovered the ransomware attack, NBC News reported. A spokesperson for Crozer Health told The Philadelphia Inquirer systems were still offline Thursday and described the ransomware attack as “Prospect-wide.”
Multiple hospitals in the system are still experiencing complications or closures as of Monday.
“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” Prospect said in the statement.
“While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible,” the chain said.
Prospect Medical Holdings was not immediately available to respond to questions. The FBI did not respond to a request for comment by publication time.
“CISA is working in close coordination with our federal and private sector partners to understand the impact from an apparent ransomware attack affecting several health care facilities owned by Prospect Medical Holdings and stands ready to provide any assistance needed,” Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said in a statement.
“This incident underscores the seriousness of the cyber threat to our nation’s critical infrastructure,” Goldstein said.
Cyberattacks and breaches in the healthcare industry is a long-running problem. Healthcare breaches exposed 385 million patient records from 2010 to 2022, according to federal records.
The healthcare and public health sector was hit with the largest share of reported ransomware incidents across all critical infrastructure sectors last year, a total of 210 attacks, according to the FBI Internet Crime Complaint Center’s annual report for 2022.
At least 21 U.S. systems operating 50 hospitals have been impacted by ransomware this year, Emsisoft Threat Analyst Brett Callow said on Twitter.