August 06, 2023
A ransomware cyberattack disrupted operations at four Pennsylvania healthcare facilities late last week. The attack targeted the computer networks of Prospect Medical Holdings and forced several clinics and hospital emergency rooms to shut down across Pennsylvania, Rhode Island, Connecticut, Texas and California.
In Pennsylvania, the ransomware attack impacted Delaware County Memorial Hospital in Drexel Hill, Taylor Hospital in Ridley Park, Crozer-Chester Medical Center in Upland, and Springfield Hospital in Springfield, in addition shuttering medical facilities in other states.
The cyberattack disrupted various aspects of the facilities' operations, including outpatient appointments, surgical procedures, blood drives, and ambulance routes, according to a CBS News report. Some of the affected emergency rooms were still closed as of Friday and a total recovery from the attack is expected to take weeks, if not longer.
Ransomware attacks have become a major cybersecurity threat, especially for the healthcare industry. Ransomware is a type of computer malware, or malicious software, that uses digital encryption to lock up critical files and then demands that the target pay the attackers some amount of money in order to regain access to the data.
In recent years, healthcare businesses and facilities have become the leading target of such attacks due to their copious volume of sensitive patient data, high potential for financial reward and, far too often, lackluster cybersecurity protections. Indeed, ransomware attacks on hospitals are said to have doubled since 2016, according to U.S News and World Report.
Ransomware attacks against healthcare facilities are particularly dangerous because in addition to compromising sensitive data, they can threaten the lives and well-being of a potentially large number of patients.
This isn't the first time Pennsylvania healthcare facilities have fallen victim to ransomware attacks. In 2020, leadership from Crozer-Keystone Health System said they had detected and isolated a ransomware attack before it could do the kind of damage caused by this more recent attack. In February of this year, the Lehigh Valley Health Network said it was hit by a ransomware attack initiated by a Russian gang, but declined to the pay the ransom. That attack did not disrupt healthcare services or operations.
This time, the malware targets were not so lucky. As of Sunday morning, the website for Delaware County Memorial Hospital said the facility was still "temporarily closed" due to "a system-wide outage" at Prospect Medical facilities.