“Upon learning of this, we took our systems offline to protect them and launched an investigation,” the statement said. “This incident is a firm reminder that cybersecurity threats pose a real risk for health-care organizations across the nation. Prospect Medical Holdings is not the first health system that has been targeted by bad actors and, unfortunately, it will not be the last. We are working with investigators and law enforcement agencies to address this urgent situation.”
Eastern Connecticut Health Network, which is within the Prospect system, said it was “experiencing IT complications” on its website as of Saturday evening, shuttering its outpatient medical imaging and outpatient blood draw services, among others. Emergency rooms for two hospitals in the network diverted patients Thursday, the Hartford Courant reported.
CharterCARE Health Partners in Rhode Island wrote on Facebook on Thursday that its “computer systems are down and temporarily affecting inpatient and outpatient operations.” It added its staff was “following downtime procedures, including the use of paper records, until this is resolved.”
On Saturday, Waterbury Hospital in Connecticut said on Facebook that the incident “is affecting all Prospect Medical Holdings Inc. affiliates.” It added that “a few of its outpatient services” were not available Friday and Saturday, including outpatient blood draw and diagnostic imaging services. The hospital previously posted that it also relied on paper records for parts of this week as a result of the attack.
Ransomware attacks, including on medical systems, have become increasingly common as they digitize patient records and upgrade to cloud-based servers. Hackers deploy them to block an organization’s access to its own computer network and to extort a ransom from it.
“While our investigation continues,” Prospect Medical Holdings’s statement reads, “we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”