Prospect Medical Holdings Suffers Cyberattack

In early August, multiple hospitals and clinic systems across the country realized they would have to grapple with a data security incident caused by a debilitating cyberattack.

What happened to Prospect Medical Holdings?

On August 3rd, 2023, multiple hospitals and primary care clinics managed by Prospect Medical Holdings realized they were suffering a data security incident, now suspected to be a ransomware attack. While Prospect Medical Holdings is based in California, the attack also impacted offices in Rhode Island, Connecticut, and Pennsylvania. Due to the attack, clinics and hospitals were forced to shut down their computer systems in an attempt to stop continued compromise.

Reverting a hospital to pre-1990s paper records can cause all sorts of complications. Things that used to be viewed with a few quick keystrokes need to be physically located and brought to doctors, and diagnostics that used to take minutes to process may take hours or potentially days. Emergency ambulance services had to be diverted to hospitals outside of the Prospect Medical Holdings network, which put additional strain on the surrounding facilities. Some of the sites had to pause outpatient services for several days, such as the Waterbury Health network. This data security incident had real world impacts on the health and safety of patients, and some of these impacts will be felt into the future. Prospect Medical Holdings now must go through the complicated process of fixing the flaws in the networks and processes that allowed the attack to be successful in the first place.


As of August 9, 2023, the site had a banner reading “Prospect Medical Holdings, along with all Prospect Medical facilities, is experiencing a systemwide outage. We are working to resolve the issue as soon as possible and regret any inconvenience.”

While the FBI is reported to be working with the impacted hospitals to assess and mitigate the damage, the possible threat of ransomware may complicate matters. If ransomware is involved, sensitive or protected information may have been stolen from the compromised systems. At the time of writing, no ransomware group has claimed the attack, and the FBI has not commented on the issue due their active investigation. If a ransom demand is made, the stance of the United States government is not to pay a ransom, as it incentivizes additional attacks and there is no guarantee that all the material will be returned.

 

Data Security is Critical

An ounce of prevention is worth a pound of cure. While the details of this attack have not been made public yet, its success means that data security was not adequately maintained. In attacks such as the one on Prospect Medical Holding, much of the data they possess is considered ePHI (electronic Protected Health Information) and thus the handling of the data is covered within HIPAA guidelines or GDPR.

Electronic protected health information (ePHI) includes all individually identifiable health information transmitted or stored electronically, which includes data that relates to physical or mental health conditions, payment details, and details that reasonably be assumed to identify an individual, such as name, address, birth date, or social security number.

This introduces an increased amount of scrutiny, beyond the risks to patient health and damage done to an intricate computer system. The network that links medical facilities together that can take months or even years to repair once an audit and investigation are completed, due to the complexity of modern medical networks. Healthcare offices are now connected by thousands of devices, which form an interconnected web of sensitive data. Even one of these devices being compromised can cause a massive amount of damage.

Device and Data Protection

That is why medical offices MUST manage their endpoints (i.e. any device that serves as a gateway to the network). These can range from large medical equipment to the cell phones doctors use to check emails. A well-informed Mobile Device Management (MDM) plan needs to be created, and supported by a robust endpoint security software solution and total employee and contractor buy-in.

Endpoint Security Software solutions such as DriveStrike provide hospital data security teams the ability to Locate devices in the event that one goes missing. Such solutions also allow hospitals to use a Remote Wipe to destroy ePHI on hard drives, or Lock and re-credential devices so they cannot be accessed without the user attaining the new code from the DriveStrike Administrator in their hospital or office. The software can be deployed on any number of devices, so it can protect small specialty offices or large hospital systems.

 

Cybersecurity Training

Employees, staff, and contractors must also be trained to handle devices, data, and medical information. Creating a culture of data security is critical for protecting patients’ ePHI. Technology and policy are important, but without a vigilant workforce, even the best plans and software solutions can be broken by a bad actor. With ongoing training, employees can better protect patients and their data from cyber criminals by recognizing and reporting suspicious cyber activity.

Full details of the Prospect Medical Holding data security incident are not known yet, although some educated guesses can be made about the nature of the attack. While data breaches and ransomware are increasingly common, that does not mean that medical offices must be resigned to having ePHI stolen. Protecting endpoints and heightening data security policies through employee training will go a long way towards strengthening a healthcare organization’s defensive posture.

Start Your Free 30 Day Trial

Each day brings new data security challenges, so your organization needs simple and wide-reaching solutions to combat those challenges. DriveStrike is here to help you protect your most critical data with premium quality endpoint security. Start a free trial with DriveStrike today, and contact us if you need any assistance. Our team is always ready to answer your questions.