FBI investigates ransomware attack on California-based healthcare provider

The U.S. Federal Bureau of Investigation is investigating a ransomware attack that disrupted services at a healthcare provider based in California on Aug. 3.

The attack on Prospect Medical Holdings Inc., which along with operating hospitals and medical clinics in California, also provides service in Connecticut, Pennsylvania, Rhode Island and Texas, was first detected on Thursday before being disclosed by the company on Friday.

Officially, the company referred to the attack only as a “data security incident that has disrupted our operations,” although the FBI has since confirmed that it’s investigating a ransomware attack. Which ransomware group was behind the attack has not been revealed and no group has claimed public responsibility.

The attack reportedly caused Prospect to close emergency rooms in multiple states and for ambulance services to be redirected to other hospitals. The medical group said it has taken its systems offline to protect them, suggesting that it was a ransomware attack, and said it had hired third-party cybersecurity specialists.

The Associated Press reported that the White House has also been monitoring the attack, given its size and breadth.

As of Sunday evening EDT, hospitals and medical clinics run by Prospect were struggling to restore services. The East Connecticut Health Network advised on its website that all elective surgery, outpatient medical imaging, outpatient blood draw, urgent care and its wound center are closed until further notice.

Other hospitals were more fortunate. A spokesperson for the Prospect-owned Crozer hospitals in Pennsylvania told a local outlet that though there had been a ransomware attack, there was no impact on patient care. However, the spokesperson added that services were affected at facilities, including Crozer-Chester Medical Center in Upland, Taylor Hospital, Delaware County Memorial Hospital and Springfield Hospital.

Hospitals and other healthcare providers remain a favorite target of ransomware gangs thanks to the wealth of personally identifiable information and protected medical information a successful attack can obtain. Although it’s yet to be confirmed in the case of Prospect, it’s highly likely that the ransomware attack targeted patient information.

Previous attacks where medical records were targeted included 9 million records stolen from Managed Care of North America Inc. in May, 5.8 million records stolen from PharMedica Corp. also in May and 1 million records potentially stolen from Zoll Medical Corp. in March.

Photo: Prospect Medical Holdings