- Home
- Hospitals & Providers
- Cyberattack on Prospect Medica ...
Prospect Medical Holdings was the target of a cyberattack that rendered critical computer systems offline and is still causing problems for some sectors of patient care.
The private equity company revealed the incident late Thursday and continues to show an alert about “a systemwide outage” impacting “all Prospect Medical facilities” on its primary website as well as those of its affiliates. Prospect Medical operates 16 healthcare facilities along with over 165 other clinical locations across the country.
The firm issued a statement to the press and put it online, saying that it had shut down its systems as a precaution after discovering the intrusion and was now investigating with the help of independent cybersecurity experts. According to the reports, the FBI is currently conducting an inquiry into the situation.
Statement from the company regarding the cyberattack:
The company stated, “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”
Prospect’s affiliate systems have been posting news stories and updates online detailing varied degrees of interruption throughout the facilities.
CharterCARE Health Partners – one of the affiliates – announced on Facebook that its hospitals had transitioned to paper records and that patients whose procedures could be disrupted would be notified. A day later, the group sent out another announcement saying that walk-ins were being accepted in the emergency rooms.
The Eastern Connecticut Health Network, comprising two hospitals and other institutions, is now advertising a list of temporarily unavailable services and locations. Among these are diagnostic imaging, blood draws, outpatient physical therapy, and elective surgical and gastrointestinal procedures.
Crozer Health, which operates four hospitals and several outpatient facilities in Pennsylvania, lost its IT infrastructure on Thursday and has been displaying an online warning to patients ever since.
Although Crozer and Eastern Connecticut Health Network representatives confirmed that the occurrence was a ransomware attack, the parent organization, Prospect, neither confirmed nor denied whether any kind of extortion was taking place.
Prospect-owned facilities in California have also updated their websites with alerts to reflect the system failure; however, there have been no complaints of specific service disruptions.
According to the Office for Civil Rights, there were around 295 breaches in the healthcare sector in the first six months of 2023, affecting nearly 40 million people.
It’s been the providers who have taken the brunt of the criticism. HCA Healthcare, a large hospital network, reported a data breach affecting 11 million patients in July, prompting many lawsuits from impacted individuals. While HCA’s investigation is ongoing, company executives recently stated on an earnings call that the hack would not have a “material impact” on the company’s operations.
In late 2022, the Catholic healthcare organization CommonSpirit Health discovered that a cyberware attack had affected upwards of 100 of its facilities across many states. More than 600,000 patients’ data was exposed, and the incident reportedly cost the company $150 million in lost revenue and other expenses.
The average cost of a cybersecurity breach for healthcare companies in 2022 was $10.1 million, an increase of 9.4% from 2021 and far higher than the mean cost of an intrusion in any other industry.