Sixteen hospitals and more than a hundred other medical facilities across the United States are offline after the largest cyberattack on a U.S. hospital system since last year.
Prospect Medical Holdings, a chain that owns hospitals, as well as more than 165 outpatient facilities, in California, Connecticut, Pennsylvania and Rhode Island, has taken its main computer network offline, a spokesperson said Friday.
The company first took its national computer systems offline Tuesday after discovering a ransomware attack, said Nina Kruse, a spokesperson for the Eastern Connecticut Health Network, which is owned by Prospect. As is common with cyberattacks on hospitals, doctors and nurses are reverting to procedures like using pen and paper instead of computers to take patient records, she said.
Some outpatient facilities have closed because of the attacks, including radiology, diagnostic and heart health facilities in Connecticut, according to the Facebook pages and websites for Prospect Medical affiliates.
The Prospect hack is the 157th cyberattack on a U.S. health care organization this year, said Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future. Liska said it is also the largest since October 2021, when a ransomware attack prompted CommonSpirit Health, a chain of more than 140 hospitals, to temporarily halt computer operations across the country.
Ransomware is an extremely disruptive form of criminal cyberattack. Hackers attempt to encrypt a victim’s computer files and demand a payment — usually in cryptocurrency — for a program that may make them accessible again. Regardless of whether the victim pays, such attacks can leave victim organizations scrambling for days or even weeks and months to bring their systems back online.
Hospitals often use interconnected computer systems for tasks such as billing and keeping track of patient records. In a ransomware attack, information technology staff often shut down those systems to try to prevent the attack from spreading, forcing health care professionals to suddenly go without those tools.
Ransomware hackers take aim at a wide range of targets they think may pay up, including local governments, police stations, schools, businesses and hospitals. Larger hospital chains may have better cybersecurity, but they also offer hackers the opportunity to threaten more victims, and therefore the chance to potentially make more money.
It is unclear if any deaths can be directly attributed to a ransomware attack, but one woman filed a lawsuit in Alabama after her baby died from allegedly poor care in a hospital struggling to deal with a ransomware attack. Studies have shown that downtime from hospital cyberattacks correlates with patients having higher mortality rates.