Discover more from Mack’s Cyber Watch
Major Cyberattack Disrupts Hospital Systems Across Five States: An In-Depth Analysis of the Impact and Response
By: Mack Jackson Jr.
Hospital computer systems across five states have recently been hit by a significant cyberattack, causing widespread disruption to healthcare services. The attack targeted facilities operated by Prospect Medical Holdings, a chain that owns hospitals and more than 165 outpatient facilities in California, Connecticut, Pennsylvania, Rhode Island, and Texas. The cyberattack is the largest on a U.S. hospital system since last year and the 157th cyberattack on a U.S. healthcare organization this year.
Upon discovering the ransomware attack, Prospect Medical Holdings took its national computer systems offline. The attack has forced some emergency rooms to close and ambulances to be diverted, with many primary care services remaining closed as security experts work to determine the extent of the problem and resolve it. The attack has temporarily closed some outpatient facilities, including radiology, diagnostic, and heart health facilities in Connecticut.
The cyberattack has had a significant impact on health services in several states. In Connecticut, two hospitals had to close their emergency departments for most of Thursday and send patients to other nearby medical centers. Elective surgeries, outpatient appointments, blood drives, and other services were also suspended at many facilities. The emergency departments reopened late Thursday, but many primary care services remained closed on Friday. The attack disrupted services at various other facilities nationwide. For example, in Pennsylvania, four facilities suffered from the attack, such as the Crozer-Chester Medical Center in Upland and the Springfield Hospital in Springfield.
Ransomware is a highly disruptive form of criminal cyberattack. Hackers attempt to encrypt a victim’s computer files and demand payment — usually in cryptocurrency — for a program that may make them accessible again. Paying ransoms to the attackers is not advisable, as it encourages more attacks and does not guarantee the safety of the stolen data.
According to IBM’s annual report on data breaches, the healthcare industry was the hardest hit by cyberattacks in the year ending in March. For the 13th straight year, it reported the most expensive violations, averaging $11 million each. Sensitive patient data, such as healthcare histories, payment information, and even critical research data, make healthcare providers attractive targets for criminal extortionists.
The recovery process from such an attack can often take weeks, with hospitals, in the meantime, reverting to paper systems and humans to do things such as monitor equipment and run records between departments. These are threat-to-life crimes, which risk not only the safety of the patients within the hospital but also risk the safety of the entire community that depends on the availability of that emergency department to be there. As the investigation continues, the focus is on addressing the pressing needs of patients and working diligently to return to normal operations as quickly as possible.
Professor Jackson’s Recommendation:
Healthcare providers can take several steps to mitigate the risk of ransomware attacks.
Firstly, they should implement a robust cybersecurity framework with regular system updates, patch management, and advanced threat detection tools. This will help to identify and address vulnerabilities before they can be exploited.
Secondly, employee training is crucial. Many cyberattacks start with a simple phishing email. Training staff to recognize and report suspicious emails can significantly reduce the risk of a successful attack.
Thirdly, healthcare providers should regularly back up their data and ensure backups are stored offline or in a separate network. This will ensure that they can restore their systems without paying the ransom in case of a ransomware attack.
Fourthly, incident response plans should be in place and regularly tested. These plans should outline the steps to be taken during a cyberattack, including isolating affected systems, communicating with staff and patients, and reporting the incident to relevant authorities.
Finally, healthcare providers should consider cyber insurance to help cover the costs associated with a cyberattack. However, this should be different from the need for robust cybersecurity measures.