Cyberattack causes multiple hospitals to shut emergency rooms and divert ambulances

Cybercriminals attacked the computer systems of a California-based health care provider causing emergency rooms in multiple states to close and ambulance services to be redirected.

The ransomware attack happened at Prospect Medical Holdings of Los Angeles, which has hospitals and clinics in Connecticut, Pennsylvania, Rhode Island and Texas. Prospect Medical is investigating how the breach happened and is working on resolving the issue, the company said in a statement Friday. 

"Prospect Medical Holdings, Inc. recently experienced a data security incident that has disrupted our operations," the company said in a statement. "Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible."

The FBI said late Friday that it has also launched an investigation into the breach.

"We continue to encourage anyone who thinks they are a victim of this incident to report to ic3.gov or your local FBI field office," the agency said in a statement. 

Officials with the Pennsylvania Association of Staff Nurses and Allied Professionals, the nurses' union at Crozer-Chester Medical System in Springfield, say the hospital has reverted to a paper system because most of the computers are offline, CBS News reported. The computers are unlikely to be back online until next week, according to the labor group. 

Two hospitals in Rhode Island — Roger Williams Medical Center and Our Lady of Fatima — were also impacted, a law enforcement official told CBS News. 

Globally, the healthcare industry continues to be the top target for cyberattacks in the year ending in March, according to IBM's annual report on data breaches. For the 13th straight year, that sector reported the most expensive breaches of any field, averaging $11 million each. That's nearly double the average impact of a breach on the second-largest sector, finance, at $5.9 million each.

John Riggi, the American Hospital Association's senior cybersecurity advisor, said the recovery process can often take weeks, with hospitals in the meantime reverting to paper systems and humans to monitor equipment or run records between departments.

Elective surgeries, urgent care centers closed

The data breach forced the emergency departments Manchester Memorial and Rockville General in Connecticut to close Thursday. Hospital officials there diverted patients to nearby medical centers. All Prospect Medical-owned health care facilities "are experiencing IT complications" and many services including elective surgeries and urgent care has been closed, the company posted on its website. Podiatry, wound care, women's wellness and gastroenterology services have also been suspended. 

"Our computer systems are down with the outage affecting all Waterbury Health inpatient and outpatient operations," Prospect Medical's hospital in Waterbury, Connecticut, posted on its Facebook page. "We are in the process of reevaluating our downtime capabilities and may reschedule some appointments. Affected patients will be contacted."

In Pennsylvania, the attack affected services at Crozer Health facilities including: the Crozer-Chester Medical Center in Upland and Taylor Hospital in Ridley Park. Crozer closed vital health care services including emergency services at Springfield Hospital and  Delaware County Memorial Hospital last year, according to the Delaware County website.

— The Associated Press contributed to this report

In:
• Cyberattack

Khristopher J. Brooks

Khristopher J. Brooks is a reporter for CBS MoneyWatch covering business, consumer and financial stories that range from economic inequality and housing issues to bankruptcies and the business of sports.

Twitter