Prospect Medical Holdings Ransomware Attack Investigation
The Lyon Firm is investigating a ransomware attack that may be impacting over 100 medical centers and multiple hospitals. Prospect Medical Holdings, the parent company of Crozer Health, ECHN clinics and many others around the country could be affected.
A ransomware attack is allegedly hobbling hospitals and clinics around the country owned and operated by Prospect Medical Holdings. Crozer Health has been one of the first to speak of the matter, saying the security issue is not just Crozer but “Prospect-wide.”
The ransomware group Rhysida claims to have stolen 1 terabyte of documents and a 1.3 terabyte SQL database that contains 500,000 Social Security numbers, corporate documents, and patient records. The group said it threatens to sell Prospect Medical’s allegedly stolen data.
Hospitals and healthcare organizations have become frequent targets for ransomware gangs since they often run on outdated IT systems and store a wide range of sensitive personal information.
What happened?
The computer systems at Crozer Health were offline Aug. 3 after the apparent ransomware attack on Prospect Medical. Ransomware is a sophisticated malware that encrypts files, making them unusable until a financial demand is met.
Crozer Health includes Crozer-Chester Medical Center and Taylor Hospital. Prospect Medical also ended some inpatient services at Delaware County Memorial Hospital and Springfield Hospital.
The same Rhysida cyberattack is suspected to have caused a major IT issue that forced the Eastern Connecticut Health Network (ECHN) to divert patients from its emergency rooms. At the time of reporting, the breach was affecting the ERs at both Manchester Memorial Hospital and Rockville General Hospital.
HHS describes Rhysida as a new ransomware-as-a-service (RaaS) group that drops ransomware via phishing attacks and Cobalt Strike to breach vulnerable networks. The group then threatens to publicly distribute the exfiltrated data if the victim does not pay a ransom.
The health-care sector has become a likely target for cyberattacks, partly because the industry lags others in cybersecurity. Hospitals are considered a lucrative target because its data systems contain sensitive personal information like names and addresses, ages, and Social Security numbers.
About Prospect Medical
Prospect Medical Holdings, established in 1996, is a healthcare services company based in California with a focus on preventive care. Prospect owns 16 hospitals in four states (Southern California, Connecticut, Pennsylvania, and Rhode Island) that include related medical centers, academic teaching hospitals, behavioral health facilities, community hospitals, and long-term care facilities. They also operate a network of 166 outpatient clinics and centers, which include:
- Bellflower Behavioral Health Hospital
- Foothill Regional Medical Center
- Los Angeles Community Hospital
- Norwalk Community Hospital
- Southern California Hospital at Culver City
- Southern California Hospital at Hollywood
- Van Nuys Behavioral Health Hospital
- Eastern Connecticut Health Network (ECHN)
- Waterbury HEALTH
- Crozer Health
- CharterCARE Health Partners
- Gateway Medical Center
- Alliance Medical Group
- Cardiology Associates
- Chase Outpatient Center
- ECHN Medical Group Offices
- ECHN Diagnostics
- ECHN Rehabilitation
- Evergreen Endoscopy
- Evergreen Imaging
- Family Development Center
- Greater Waterbury Imaging Center
- The Harold Leever Regional Cancer Center
- John A. DeQuattro Cancer Center
- Maternity Care and Family Planning
- Tolland Imaging Center
- Urgent Care at South Windsor Campus
- Visiting Nurse and Health Services of Connecticut (Home Health and Hospice)
- VNA Health at Home
- Waterbury HEALTH Outpatient Behavioral Health
- Waterbury Surgery Center
- Women’s Center for Wellness
- Crozer Brinton Lake
- Crozer Health at Broomall
- Surgery Center at Haverford
- Southern New England Rehab Center
- Joseph Health Center
- CharterCARE Home Health Services
Contact The Lyon Firm with questions about legal action following any healthcare data breach incident. The firm is involved in numerous data privacy cases and has filed data breach lawsuits on behalf of victims nationwide.