(DCWatchdog.com) – Several hospitals and clinics in multiple states are still grappling with the effects of a cyberattack more than two weeks ago, which resulted in some emergency rooms being shut down and ambulance diversions.
In a statement released on Friday, Prospect Medical Holdings announced progress in their efforts “to recover critical systems and restore their integrity.” The company, which operates 16 hospitals and numerous other medical facilities across California, Connecticut, Pennsylvania, Rhode Island, and Texas, could not provide a specific timeline for when operations might return to normal.
In a text message, Prospect Medical Holdings spokesperson Nina Kruse stated, “We do not yet have a definitive timeline for how long it will be before all of our systems are restored. The forensic investigation is still underway and we are working closely with law enforcement officials.”
The recovery process following such attacks can often take several weeks. In the meantime, hospitals typically resort to using paper systems and employing personnel to monitor equipment manually, transfer records between departments, and perform other tasks that are usually handled electronically, according to John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, who spoke about the breach.
Officials have yet to confirm or deny whether the attack, announced on August 3, was a ransomware attempt. In such attacks, cybercriminals infiltrate targeted networks to steal sensitive information, then deploy encryption malware that effectively disables them, demanding ransom for data release.
The FBI recommends that victims of such attacks not pay ransoms, as there is no guarantee that stolen data will not eventually be sold on the dark web. Furthermore, paying ransoms only emboldens the attackers and funds future cyberattacks, noted Riggi.
As a result of the cyberattack, some elective surgeries, outpatient appointments, blood drives, and other services continue to be postponed.
The Eastern Connecticut Health Network, encompassing Rockville General and Manchester Memorial hospitals and several clinics and primary care providers, was operating on a temporary phone system as of Friday.
In the wake of the attack, Waterbury Hospital has resorted to using paper records instead of computer files but has ceased diverting trauma and stroke patients to other facilities, as reported by spokeswoman Lauresha Xhihani to the Republican-American newspaper.
“PMH physicians, nurses, and staff are trained to provide care when our electronic systems are not available,” wrote Kruse. “Delivering safe, quality care is our most important priority.”
The healthcare industry experienced the highest number of cyberattacks globally in the year ending March, as reported by IBM in their annual data breaches report. For the 13th consecutive year, the industry saw the costliest breaches, averaging $11 million each. The financial sector followed closely, with an average cost of $5.9 million per breach.
Riggi explained that extortionists frequently target healthcare providers due to their access to sensitive patient data, including medical histories, payment information, and even crucial research data.