Health Tech, Hospitals

Hospitals Still Struggling to Get Back Online 4 Days After Cyberattack on Prospect Medical Holdings

Hospitals and outpatient treatment centers in at least three states are struggling to get their systems back online following a ransomware attack waged last week against parent company Prospect Medical Holdings. Some of these facilities have partially or completely halted patient care.

Hospitals and outpatient treatment centers in at least three states are struggling to get their systems back online following a ransomware attack waged against their parent company last week.

The cyberattack, which cybercriminals launched last Thursday, targeted Prospect Medical Holdings — a Los Angeles-based company that operates 16 hospitals and 165 outpatient facilities across California, Texas, Pennsylvania, Connecticut and Rhode Island. 

The attack has caused systems at many of the company’s facilities to go offline, forcing healthcare staff to revert to paper record-keeping. At least four Prospect-owned health systems — Eastern Connecticut Health Network (ECHN), Connecticut-based Waterbury HEALTH, Pennsylvania-based Crozer Health and Rhode Island-based CharterCare — are still working to restore their online systems, according to notices posted on their websites.

“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” Prospect said in a statement Friday. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”

On Monday, Prospect did not respond to MedCity News’ request for an update about when its facilities will get all systems back online.

In addition to taking systems offline, the ransomware attack also forced some Prospect-owned emergency rooms to close and ambulances to be diverted. 

For example, emergency departments at Manchester Memorial Hospital and Rockville General Hospital — both in Connecticut — were closed for hours on Thursday and patients were sent to other nearby emergency care providers. These emergency departments have resumed operations, according to ECHN’s website. However, as of Monday afternoon, the website says that the following services are still temporarily closed until further notice: elective surgeries, gastroenterology procedures, outpatient blood draws, outpatient physical therapy and outpatient medical imaging.

Similar to the two ECHN-operated hospitals, Crozer Health had to divert ambulances for stroke and trauma patients from its three hospitals on Thursday and Friday. The health system’s 45-bed hospital in Drexel Hill, Pennsylvania, still remains closed, according to its website.

Waterbury HEALTH, another Prospect-owned health system in Connecticut, is also still experiencing system downtime that is preventing it from offering its full scope of services. In an update posted to its Facebook page, the health system said that multiple imaging facilities and rehab centers would remain closed through Monday.

The incident Prospect is experiencing is certainly not the only cyberattack this year that has affected healthcare facilities across multiple states. Last month, HCA Healthcare suffered a data breach that impacted 1,038 hospitals and physician clinics across 20 states. And in January, Community Health Systems fell victim to a cyberattack that exposed protected health information for 1.2 million patients across multiple states.

Photo: WhataWin, Getty Images

Shares1
Shares1