FBI Investigates Cyberattack on US Healthcare Systems

The FBI is investigating a ransomware attack that shut down emergency rooms and other healthcare facilities across the U.S.

Prospect Medical Holdings, which operates healthcare facilities in Texas, Connecticut, Rhode Island, and Pennsylvania, began reporting disruption last week.

In Connecticut, the emergency departments at Manchester Memorial and Rockville General Hospital were closed for much of Thursday, August 4, and patients were diverted to other nearby medical centers.

It was a similar story elsewhere, with ambulances carrying critically injured patients being redirected to other facilities as the targeted hospitals struggled to access digital systems.

Many were forced to abandon their computers altogether and track patients with pen and paper.

The attack was later confirmed to be ransomware, a form of malware that encrypts files and demands a payment be made to free the infected systems. It’s unclear who is responsible for the attack, but ransomware gangs run rampant online.

A spokesperson for the FBI said it was working with “law enforcement partners and the victim entities” but couldn’t comment further on an ongoing investigation.

What was the damage?

According to the Eastern Connecticut Health Network, which runs some of the targeted systems, the attack disrupted countless essential services. This includes elective surgeries, outpatient appointments, blood drives, and ambulances.

Emergency departments reopened hours after the attack, but other services were faced continued disruption.

In Pennsylvania, the attack affected facilities including the Crozer-Chester Medical Center in Upland; Taylor Hospital in Ridley Park; Delaware County Memorial Hospital in Drexel Hill; and Springfield Hospital in Springfield.

Elsewhere, seven hospitals in Los Angeles and Orange counties were affected, including two behavioral health facilities.

Upon learning of the attack, Prospect Medical Holdings said: “We took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists.”

It added: “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”

An epidemic

The healthcare sector has for years been one of the worst affected by cyber crime. Such facilities process vast amounts of personal data about patients, including medical records and financial data, which makes them an attractive target for cybercriminals.

They can use that data to launch any number of attacks, from phishing scams to fraud.

Moreover, hospitals and other healthcare firms are often underfunded, meaning they have relatively few resources that they can dedicate to cybersecurity.

Indeed, many have been unable to upgrade devices and as a result are using old, unpatched operating systems that have known vulnerabilities.

In July, HCA Healthcare reported a data breach that exposed 11 million patients’ personal data, and in October last year a ransomware attack crippled the computer systems of CommonSprint facilities across the country.

Whereas the risks of cyber attacks for most sectors concern financial and reputational loss, the stakes are much higher in the healthcare sector. Hospitals say that more people die or see delayed care when they come under attack.

Commenting on this plight of cyber attacks, Ani Chaudhuri, the CEO of the California-based software firm Dasera, told Infosecurity Magazine:

“The impact on healthcare, already strained under the weight of the ongoing global health crisis, has immediate and far-reaching consequences on human lives.

“Moreover, the Covid-19 pandemic has accelerated the digital transformation in healthcare, pushing many providers to adopt cloud technologies quickly, often without the opportunity to implement robust security measures.”

Whether we’ll ever see a turning of the tide depends on the healthcare sector’s ability to repel attacks. While they remain so vulnerable, it only encourages cybercriminals to continue targeting them, and with no other option but to meet their ransom demands, a vicious cycle continues.

Meanwhile, the FBI and other law enforcement agencies continue to investigate the attack on Prospect Medical Holdings.

“We continue to encourage anyone who thinks they are a victim of this incident to report to ic3.gov or your local FBI field office,” it said in a statement last Friday.