Aug 11 – Starting last week, a ransomware attack affecting 16 different hospitals, all of which are run by Prospect Medical Holdings, resulted in multi-day disruptions to patient services across facilities in four different states.
Hospitals were forced to divert ambulances to other care centers, cancel appointments, and close connected satellite clinics. Some had to use paper records while treating patients.
On Facebook, Waterbury Hospital wrote that its computer systems were “…down throughout the network due to a data security incident.”
Prospect Medical ransomware
A spokesperson for Prospect Medical Holdings indicated that the ransomware attack began on Thursday, and as of the following Tuesday, did not know by when the issue would be resolved.
Due to the widespread nature of the issue and the massive impact to communities across the United States, the incident has commanded national attention. Prospect Medical Holdings maintains hospitals in California, Rhode Island, Connecticut and Pennsylvania.
Chairman of the House Committee on Homeland Security, Mark Green (R-TN), described the attacks as “extremely concerning.”
Ransomware operations
A relatively new Ransomware-as-a-Service group, known as Rhysida, is believed to be behind the attack. Previously, the same group launched an attack on the Chilean government and an attack that crippled the government of Martinique.
Experts have noted that Rhysida appears not to target former Soviet Republic or bloc countries in Eastern Europe and Central Asia’s Commonwealth of Independent States.
Healthcare cyber security
According to Sergey Shykevich, threat intelligence group manager at Check Point Research, in the past four weeks alone, on average one in 29 healthcare organization in the U.S. has been affected by ransomware.
“With its massive attack surface and trove of personal health data, the healthcare industry is a shiny and lucrative target for cyber criminals. We’re all seeing the impacts, as hospitals must shut down emergency rooms…” he said.
“On the technical side, we see continuation of the trend when ransomware groups frequently rebrand and change the encryption payload they use…”
Healthcare resources
If you’re a healthcare leader who’s interested in cyber security resources to help your organizations stay secure, please see below:
- 10 best practices: How to prevent cyber attacks in healthcare settings
- An ounce of prevention is worth a pound of cure
- The Buyer’s Guide to IoMT Security Solutions
- Healthcare attacks are increasing: Why zero trust will prevent care disruptions
- The ultimate ransomware prevention checklist
Get more on this story here. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.