Aug 7, 2023 - Health

Cyberattack hits hospitals across three states

Illustration: Annelise Capossela/Axios

Hospitals and outpatient facilities in at least three states are still working to restore their computer systems after a cyberattack hit their parent company, forcing some locations to shut down for days.

Driving the news: Prospect Medical Holdings, a Los Angeles-based private equity company, which operates 16 hospitals and 165 outpatient facilities across California, Texas, Connecticut, Rhode Island, and Pennsylvania, announced it sustained an attack on Thursday evening, the Associated Press reported.

  • The attack shuttered several emergency departments and required ambulances to be diverted from some hospitals, while health providers reverted to pen and paper in the immediate aftermath of the attack.
  • On Sunday, Eastern Connecticut Health Network's website still reported closures of multiple services, including urgent care and elective surgeries, as it worked to restore systems. Pennsylvania-based Crozer Health and Rhode Island-based CharterCare still had posts on their websites alerting patients to the systemwide outage.

What they're saying: Prospect did not respond to specific questions about the extent of the breach, but confirmed the data security incident disrupted operations.

  • "Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists," it said in an email statement to Axios. "While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible," they said.

Between the lines: This is the latest in a surge of large-scale cyberattacks on health care facilities that have disrupted operations, with experts calling on better industry-wide efforts and federal regulations to harden defenses around America's health care information infrastructure.

  • Breaches not only put patient privacy at risk, but can also threaten lives when operations are disrupted.
  • In July, 11 million HCA Healthcare patients may have had their data stolen in one of the largest-ever reported health care breaches.
  • In January, Community Health Systems reported roughly 1.2 million patients had protected health information was exposed and Commonspirit Healthcare, one of the biggest non-profit health systems in the U.S., reported last fall more than 600,000 records were breached.
  • "This incident is a firm reminder that cybersecurity threats pose a real risk for healthcare organizations across the nation. Prospect Medical Holdings is not the first health system that has been targeted by bad actors and, unfortunately, it will not be the last," officials at the health system said.

Between the lines: Prospect has also been the subject of intense scrutiny for its business practices.

  • The firm made headlines following last November's closure of its Delaware County Memorial Hospital safety-net facility outside Philadelphia after health officials learned it was inadequately staffed.
Go deeper