Numerous Hospitals Pwned In Cyber Attack

ABC is reporting that a number of hospitals in a number of states that are part of Prospect Medical Holdings have been pwned in a cyberattack:

Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted.

Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the extent of the problem and resolve it.

John Riggi, the American Hospital Association’s national advisory for cybersecurity and risk, said the recovery process can often take weeks, with hospitals in the meantime reverting to paper systems and humans to do things such as monitor equipment and run records between departments.

“These are threat-to-life crimes, which risk not only the safety of the patients within the hospital, but also risk the safety of the entire community that depends on the availability of that emergency department to be there,” Riggi said.

The latest “data security incident” began Thursday at facilities operated by Prospect, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania.

“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” the company said in a statement Friday. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”

The White House has been monitoring the cyberattack, said Adrienne Watson, a spokesperson for the National Security Council.

Ani Chaudhuri, CEO, Dasera had this comment:

The recent cyberattack on Prospect Medical Holdings, leading to disrupted services in hospitals across several states, underscores a grim reality – no sector, no matter how critical, is immune to cyber threats. The impact on healthcare, already strained under the weight of the ongoing global health crisis, has immediate and far-reaching consequences on human lives. My heart goes out to the patients and healthcare providers grappling with the fallout from this event.

First and foremost, it’s essential to acknowledge that securing and governing data, especially in the cloud, is a Herculean task. We’re exploring uncharted territories where traditional security perimeters evaporate, and data sprawl is becoming increasingly common. The interconnectedness of data makes hospitals and healthcare systems particularly vulnerable as they handle massive amounts of sensitive and personal health data daily.

Moreover, the COVID-19 pandemic has accelerated the digital transformation in healthcare, pushing many providers to adopt cloud technologies quickly, often without the opportunity to implement robust security measures. It’s a harsh reminder that cybersecurity isn’t an ‘add-on’ but an integral part of our digital infrastructure that requires as much attention and investment as any other part of the system.

Empathy must also extend to understanding the colossal challenges of protecting sensitive data and maintaining services during a cyberattack. As a cybersecurity professional, I know that these are trying times, and while we aspire to prevent every attack, the truth is that no system is foolproof.

The incident also emphasizes the urgency of a multi-layered defense strategy. Zero trust security, robust data governance, regular cybersecurity audits, and continuous employee training are all vital components of such a strategy.

Even though the landscape might seem overwhelming, it’s important not to lose sight of our collective strength. Cybersecurity isn’t just the domain of security experts; it’s everyone’s responsibility. The healthcare sector and every industry need to work with cybersecurity companies, policymakers, and educators to raise awareness and build resilience at all levels of the organization.

In the face of this adversity, we must remind ourselves that while every company and sector is susceptible to attacks, we also possess the resourcefulness and resilience to adapt, learn, and grow stronger. It’s a steep mountain, but we’ll conquer it together.

This is not a good situation and again illustrates that cyberattacks can be very dangerous to us all. It also illustrates that more needs to be done to ensure that cyberattacks do not have this level of disruption.

Leave a Reply

%d bloggers like this: