Multiple Prospect Medical Holdings hospitals incapacitated by ransomware

Prospect Medical Holdings institutions Crozer Health and Eastern Connecticut Health Network (ECHN) have recently fallen victim to cyberattacks, highlighting the ongoing threat of cyber security breaches in the healthcare industry.

Prospect Medical Holdings, the parent company of Crozer Health in Delaware County, and Eastern Connecticut Health Network,experienced a severe ransomware attack that affected their computer systems. Healthcare institutions like hospitals are particularly vulnerable to such attacks due to the valuable data they possess. While the impact on patient care was reported to be minimal, this incident raises concerns about the protection of sensitive medical information.

Subsequently multiple hospitals in the network have reported outages

• Eastern Connecticut Health Network wrote on its website that all elective surgeries will be canceled until further notice and facilities for wound healing, imaging, gastroenterology, podiatry, urgent care and women's wellness will be closed for the time being.
• The Associated Press reported that the emergency departments at Manchester Memorial and Rockville General hospitals — both part of Eastern Connecticut Health Network — were shut down as of Thursday.
• Local news outlets in California, Connecticut, Pennsylvania, and Rhode Island tracked multiple hospital emergency rooms that were forced to divert patients or close their doors starting on Thursday. Some hospitals posted about the outages on Facebook pages
• Prospect Medical Holdings did not respond to follow-up questions about whether it was a ransomware incident but officials at Delaware County’s Crozer Health in Pennsylvania told the Philadelphia Inquirer that they were dealing with a ransomware attack.

Incidents are currently under investigation by the FBI. The affected healthcare organizations are working tirelessly to assess the extent of the attacks and restore their IT systems. Patient appointments have been disrupted, and the hospitals are contacting those impacted to reschedule.

As of monday, 7th of August hospitals and outpatient treatment centers in at least three states are struggling to get their systems back online. Prospect has not provided any update about when its facilities will get all systems back online.

As of 11th of August Eastern Connecticut Health Network (ECHN) and Waterbury HEALTH inform that certain services are now restored, while others remain inaccessible. Waterbury HEALTH's currently unavailable services include:

• Outpatient blood draw locations (except for Waterbury Hospital Outpatient Blood Draw at 64 Robbins Street).
• Women’s Imaging in Southbury.
• Open MRI services in Southbury.
• Diagnostic Radiology Associates, which operates in Waterbury (providing limited services like Dexa scans and X-rays), Middlebury, and Southbury.

Waterbury HEALTH's spokesperson mentioned that their computer systems are still offline network-wide.

On 24th of August the Rhysida ransomware group claimed responsibility for a ransomware attack against Prospect Medical Holdings. The threat actor said it stole more than 500,000 Social Security numbers, passport data of clients and employees, patient medical files, and financial and legal documents, according to a post on the dark web.
Rhysida claims to have more than 1 terabyte of stolen data and a SQL database containing 1.3 terabytes of data. The group offered the data for sale on the dark web for 50 bitcoin, which is the equivalent of almost $1.3 million US on the day of announcement.

As of 27th of February 2024, Prospect Medical Holdings disclosed that the attack is also affecting Cigna policyholders.

Prospect Medical Holdings, owning 16 hospitals and numerous outpatient facilities, is now facing significant challenges to resolve the IT complications and ensure smooth operations. As cyber threats continue to evolve, healthcare institutions must remain vigilant and prioritize cyber awareness and security measures to safeguard patient data and maintain uninterrupted medical services.