Cyberattack hits US hospitals, disrupts emergency services

A cyberattack on US hospitals and clinics disrupts their computer systems and emergency services, forcing them to use paper records and human intervention.
Rizwan Choudhury
healthcarParamedics taking patient on stretcher from ambulance to hospitale ER.jpg
Paramedics taking patient on stretcher from ambulance to hospital ER.

Credits: FangXiaNuo/iStock 

Several US hospitals and clinics were hit by a cyberattack on Thursday that affected their computer systems and disrupted emergency services. Some of the facilities had to shut down their emergency rooms and divert ambulances to other locations.

The strike aimed its sights at installations managed by Prospect Medical Holdings, a company headquartered in California, which oversees medical institutions spanning across the states of California, Texas, Connecticut, Rhode Island, and Pennsylvania.

The company said in a statement on Friday that it took its systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. It also said it was focused on addressing the pressing needs of its patients and restoring normal operations as soon as possible.

The White House monitoring the situation

As per an Associated Press report, the White House said it was monitoring the situation and offered federal assistance to the company. Adrienne Watson, a spokesperson for the National Security Council, said in a statement that “the Department of Health and Human Services has been in contact with the company to offer federal assistance, and we are ready to provide support as needed to prevent any disruption to patient care as a result of this incident.”

The FBI in Connecticut said it was working with law enforcement partners and the victim entities, but did not provide any details about the nature or motive of the attack.

John Riggi, the American Hospital Association’s national advisory for cybersecurity and risk, said the recovery process from such attacks can take weeks, and that hospitals have to rely on paper systems and human intervention to keep functioning.

“These are threat-to-life crimes, which risk not only the safety of the patients within the hospital but also risk the safety of the entire community that depends on the availability of that emergency department to be there,” Riggi said.

He also said that paying ransoms to the attackers is not advisable, as it encourages more attacks and does not guarantee the safety of the stolen data.

Critical impact on the medical infrastructure

The cyberattack had a significant impact on health services in several states. In Connecticut, two hospitals had to close their emergency departments for most of Thursday and send patients to other nearby medical centers. Elective surgeries, outpatient appointments, blood drives, and other services were also suspended at many facilities. The emergency departments reopened late Thursday, but many primary care services remained closed on Friday.

The attack disrupted services at various other facilities nationwide. For example, in Pennsylvania, four facilities suffered from the attack, such as the Crozer-Chester Medical Center in Upland and the Springfield Hospital in Springfield. In California, the company operates seven hospitals in Los Angeles and Orange counties, which include a 130-bed acute care hospital in Los Angeles and two behavioral health facilities.

The company said it was contacting patients individually to inform them about the status of their appointments and services. It also apologized for any inconvenience caused by the cyberattack.

Data breaches in healthcare industry

According to IBM’s annual report on data breaches, the healthcare industry was the hardest hit by cyberattacks in the year ending in March. For the 13th straight year, it reported the most expensive breaches, averaging $11 million each. Next was the financial sector at $5.9 million.

Sensitive patient data, such as healthcare histories, payment information, and even critical research data, make healthcare providers attractive targets for criminal extortionists, Riggi said.

According to Riggi, who is also a former cybersecurity specialist with the FBI, hospitals have been trying to improve their security and backup systems to avoid and deal with such attacks. But he said it is very hard to make them totally secure because they need to use the Internet and network-connected technologies to exchange patient information among clinicians involved in a patient’s care.

Add Interesting Engineering to your Google News feed.
Add Interesting Engineering to your Google News feed.
message circleSHOW COMMENT (1)chevron
Job Board