Hospitals’ Computers Offline for Weeks Due to Cyberattack
Several states are still experiencing the absence of crucial computer systems in hospitals and clinics, over two weeks after a cyberattack occurred. This attack resulted in the shutdown of emergency rooms and diversions of ambulances.
Progress is being made “to restore critical systems and restore their integrity,” Prospect Medical Holdings said in a statement Friday. But the company, which operates 16 hospitals and dozens of other medical facilities in California, Connecticut, Pennsylvania, Rhode Island and Texas, could not say when operations might return to normal.
“We do not yet have a definitive timeline for how long it will take to restore our systems,” spokeswoman Nina Kruse said in a text message. “The forensic investigation is still ongoing and we are cooperating closely with law enforcement authorities.”
The recovery process can often take weeks, with hospitals reverting to paper-based systems and people monitoring equipment, running check-ins between departments and doing other tasks that would normally be handled electronically, said John Riggi, the American Hospital Association’s national cybersecurity and risk adviser. at the time of the breach.
The attack, which was reported on August 3, had all the hallmarks of an extortionate ransomware, but officials would neither confirm nor deny this. In such attacks, criminals steal sensitive data from targeted networks, activate cryptographic malware that cripples them, and demand a ransom.
The FBI advises victims not to pay the ransom because there is no guarantee that the stolen data will not end up being sold on dark web criminal forums. Paying ransoms also encourages criminals and funds attacks, Riggi said.
As a result of the attack, some elective surgeries, outpatient clinic appointments, blood tests and other services are still being rescheduled.
Eastern Connecticut Health Network, which includes Rockville General and Manchester Memorial hospitals and several clinics and primary care providers, operated on a temporary phone system Friday.
Waterbury Hospital has been using paper records instead of computer files since the attack, but is no longer referring trauma and stroke patients to other facilities, spokeswoman Lauresha Xhihani told The Republican-American newspaper.
“PMH’s physicians, nurses and staff are trained to provide care when our electronic systems are unavailable,” Kruse wrote. “Providing safe and quality care is our top priority.”
Globally, the healthcare industry suffered the most cyberattacks in the year ending in March, according to IBM’s annual data breach report. It reported the costliest breaches for the 13th consecutive year, averaging $11 million each. The financial sector was next with $5.9 million.
Health care providers are a common target for criminal extortionists because they hold sensitive patient information, including histories, billing information and even critical research data, Riggi said.