Ransomware attacks disrupt patient care in multiple US states

Ransomware attacks have impacted healthcare systems across multiple locations in the U.S., resulting in delays in patient care and scheduled surgeries. These attacks have also forced the closure of some emergency rooms and the diversion of ambulances.

Prospect Medical Holdings facilities said that they are experiencing IT complications impacting some ECHN locations and services. It also announced the closure of the services and locations until further notice, including elective surgery and GI procedures; outpatient medical imaging (M-F) Evergreen and Tolland Imaging Women’s Center; Outpatient Blood Draw; Urgent Care; and Wound Center (M-F). 

The ‘data security incident’ began Thursday at facilities operated by Prospect Medical Holdings, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island, and Pennsylvania.

“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” the company said in a statement Friday. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”

The Crozer Health Network confirmed on Friday that its hospitals in Delaware County have fallen victim to a ransomware attack.

A spokesperson from Crozer told Action News the health network is still evaluating the situation at all four hospitals. The impacted hospitals include Crozer-Chester Medical Center, Taylor Hospital, Delaware County Memorial Hospital, and Springfield Hospital.

The spokesperson added that “We have experienced a ransomware attack that is Prospect wide. We are evaluating the situation. There has been no impact on the quality of patient care.”

In a Facebook post, CharterCARE Health Partners, a Rhode Island affiliate, wrote that its “computer systems are down and temporarily affecting inpatient and outpatient operations at Our Lady of Fatima Hospital and Roger Williams Medical Center.”

“We are in the process of reevaluating our downtime capabilities and may reschedule some appointments,” the post said, adding that affected patients will be contacted.

Furthermore, “CharterCARE hospitals are following downtime procedures, including the use of paper records until this is resolved. Some patient procedures may be affected and those patients will be contacted. Patient visitation is not affected. We are working closely with IT experts to resolve it as quickly as possible. Thank you for your patience and understanding,” it added.

On Saturday, Waterbury Hospital wrote in a Facebook post that “Waterbury HEALTH locations and services will be closed on Saturday 8-5-2023. Waterbury Hospital blood draw locations (all, except the Waterbury Hospital, 64 Robbins Street location).”

Additionally, “our computer systems are down due to a cyber security attack with the outage affecting all Waterbury HEALTH inpatient and outpatient operations. We are in the process of reevaluating our downtime capabilities and may reschedule some appointments. Affected patients will be contacted.”

It added that Waterbury Hospital is following downtime procedures, including the use of paper records until this is resolved. “Patient visitation is not affected. We are working closely with IT experts to resolve it as quickly as possible. Thank you for your patience and understanding.”

CommonSpirit Health reportedly disclosed Tuesday that it had experienced ‘an IT security issue’ that forced it to take certain systems offline. “While CommonSpirit declined to share specifics, a person familiar with its remediation efforts confirmed to NBC News that it had sustained a ransomware attack.”

CommonSpirit, which has more than 140 hospitals in the U.S., also declined to share information on how many of its facilities were experiencing delays. Multiple hospitals, however, including CHI Memorial Hospital in Tennessee, some St. Luke’s hospitals in Texas, and Virginia Mason Franciscan Health in Seattle all have announced they were affected.

In Connecticut, the emergency departments at Manchester Memorial and Rockville General Hospital were allegedly closed for much of Thursday and patients were diverted to other nearby medical centers.

Responding to the recent string of attacks against healthcare networks, John Riggi, senior cybersecurity adviser to the American Hospital Association said that cyberattacks on hospitals have become more common. “We’re relying more on cloud-based services, remote third parties. So all of these things are done with good intention — ultimately to improve patient care and to save lives. But the unintended consequence of this is that it has expanded dramatically our digital attack surface,” he added.

In Connecticut, the emergency departments at Manchester Memorial and Rockville General Hospital were allegedly closed for much of Thursday and patients were diverted to other nearby medical centers.

Last month, the Health Sector Cybersecurity Coordination Center (HC3) in the U.S. Department of Health & Human Services (HHS) revealed that vulnerabilities affecting the health sector in June have been identified and require prompt attention. The HC3 bulletin has identified security loopholes in hardware from various vendors, including Microsoft, Google/Android, Apple, Mozilla, SAP, Cisco, Fortinet, VMware, and Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.