The FBI is investigating a multiple-state hospital ransomware attack

Posted by
Check your BMI
A cartoon illustration shows a shadowy figure carrying off a red directory folder, which has a surprised-looking face on its side.
Illustration: Beatrice Sala

The FBI is investigating a ransomware attack that shut down emergency rooms in several states (via The Guardian). Ambulances were diverted while California-based Prospect Medical Holdings, which has hospitals in several states, “took our systems offline to protect them” and launched an investigation in partnership with “third party cybersecurity specialists,” it said in a statement to multiple outlets.

The Crozer-Chester Medical System (CCMS) in Springfield, Pennsylvania reverted to paper records after most of its computers went offline, and doesn’t expect them back online until next week, according to CBS News. Representatives of CCMS confirmed it was a ransomware attack, reported CNN Friday evening, as did the Eastern Connecticut Health Network (ECHN), speaking to local ABC affiliate WTNH News 8.

The ECHN has closed facilities like diagnostics labs and elective surgery centers, as well as portions of its network devoted to gastroenterology, podiatry, urgent care, women’s wellness, and more. The hospital network posted on Twitter, which is rebranding as X, that it would be contacting patients:

New Haven field office head Robert Fuller said the agency is “working closely with law enforcement partners and the victim entities to address the issues,” reported WTNH News 8. The CBS News report says the FBI encourages anyone who may be affected “to report or your local FBI field office,”

Hospital cyberattacks in the US are a persistent cybersecurity problem. Last month, HCA Healthcare reported a breach that exposed 11 million patients’ data, and in October a ransomware attack brought down the computer systems of CommonSpirit medical facilities across the country. Hospitals say more people die or see delayed care when attacks like these happen. And because hospital systems are more likely to pay a ransom than many other institutions, cybercriminals are encouraged to keep returning to that well.

Yesterday, the US Cybersecurity & Infrastructure Security Agency CISA debuted its FY2024-2026 Cybersecurity Plan, which it says will “change the trajectory of our national security risk” by calling for “foundational shifts” to get ahead of cybercriminals. The plan’s seeks to address immediate threats by disrupting cyberattack campaigns and mitigating exploits; harden systems against attack by offering organizations security investment guidance; and incentivize tech companies to pursue secure-by-default products and adopt transparent security practices.