Manchester: On Friday, medical facilities in a number of states started the laborious process of recovering from a cyberattack that caused their computer systems to malfunction, forcing some emergency rooms to close and ambulances to be diverted.
On Friday, many primary care services at Prospect Medical Holdings-managed facilities were still closed as security professionals tried to ascertain the scope of the issue and fix it.
According to John Riggi, national advisor for cybersecurity and risk for the American Hospital Association, the recovery process can frequently take weeks, during which time hospitals revert to using paper-based systems and staff members to perform tasks like keeping track of equipment and transferring records between departments.
Also Read: Daesh confirms the passing of its leader and names a successor
These crimes pose a threat to life, endangering not only the security of the hospital's patients but also that of the entire neighbourhood, which relies on the emergency department's readiness.
The most recent "data security incident" started on Thursday at locations run by Prospect, a company with hospitals and clinics not only in California but also in Texas, Connecticut, Rhode Island, and Pennsylvania.
The business said in a statement on Friday that it "took our systems offline to protect them upon learning of this and launched an investigation with the assistance of third-party cybersecurity specialists." While our investigation is ongoing, we are concentrated on attending to our patients' urgent needs while working hard to resume normal business as soon as possible.
According to National Security Council spokesperson Adrienne Watson, the White House has been keeping an eye on the cyberattack.
As part of the statement, Watson added, "The Department of Health and Human Services has been in contact with the company to offer federal assistance, and we are ready to provide support as needed to prevent any disruption to patient care as a result of this incident."
The emergency rooms at Manchester Memorial and Rockville General hospitals in Connecticut were closed for the majority of Thursday, and patients were transferred to other nearby hospitals.
According to a statement from Jillian Menzel, chief operating officer of the Eastern Connecticut Health Network, "We have a national Prospect team working and evaluating the impact of the attack on all of the organisations."
In a statement, the FBI in Connecticut stated that it is collaborating with "law enforcement partners and the victim entities" but that it was unable to provide any additional information due to an ongoing investigation.
Officials would neither confirm nor deny that the incident had all the characteristics of an extortive ransomware. Such attacks involve the theft of private information from targeted networks, the activation of malware that paralyses those networks, and ransom demands.
Because there is no assurance that the stolen data won't eventually be sold on dark web criminal forums, the FBI advises victims not to pay ransoms. According to Riggi, paying ransoms also supports criminal activity and funds additional assaults.
Also Read: US Considers Deploying Armed Personnel on Commercial Ships to Thwart Iranian Seizures
According to the Eastern Connecticut Health Network, which manages many of the Connecticut facilities, elective surgeries, outpatient appointments, blood drives, and other services were suspended as a result of the attack. While the emergency departments reopened late Thursday, many primary care services were closed on Friday. Individual contacts with patients were being made, according to the network's website.
Other facilities throughout the system also reported experiencing similar disruptions.
"Waterbury Hospital is following downtime procedures, including the use of paper records, until the situation is resolved," spokeswoman Lauresha Xhihani said in a statement. "We are collaborating closely with IT security professionals to find a quick solution."
According to the Philadelphia Inquirer, the attack had an impact on services at a number of facilities in Pennsylvania, including the Crozer-Chester Medical Centre in Upland, Taylor Hospital in Ridley Park, Delaware County Memorial Hospital in Drexel Hill, and Springfield Hospital in Springfield.
According to Prospect's website, the company operates seven hospitals in the Californian counties of Los Angeles and Orange, including two behavioural health facilities and a 130-bed acute care hospital in Los Angeles. Replies to messages left with representatives of these hospitals were delayed.
According to IBM's annual report on data breaches, the health care sector was the one that was hit by cyberattacks the hardest globally in the year that ended in March. It reported the most costly breaches, averaging $11 million each, for the thirteenth consecutive year. The financial industry came in second with $5.9 million.
Because they have access to so much sensitive patient information, such as medical histories, payment information, and even vital research data, Riggi said that healthcare providers are a frequent target for criminal extortionists.
Also Read: GCC Chief Emphasizes Vital US Partnership to Safeguard Maritime Navigation Freedom
Hospitals have been working to implement better defences and more backup systems to fend off such attacks and respond to them when they take place, according to Riggi, a former cybersecurity specialist with the FBI. However, he asserted that it would be nearly impossible to make them completely secure, particularly given that the systems must rely on Internet and network-connected technologies to allow clinicians involved in a patient's care to share patient information.
Overall, he said, "that's a good thing." However, it increases the size of our digital attack surface