FBI investigating ransomware attack crippling hospitals across 4 states

This article was updated at 6:10 p.m. EST with comment from the Cybersecurity and Infrastructure Security Agency.

A major hospital network with arms in multiple states is dealing with widespread network outages due to a cyberattack, which the FBI confirms is ransomware.

Prospect Medical Holdings operates 16 hospitals in California, Connecticut, Pennsylvania, and Rhode Island as well as a network of 166 outpatient clinics and centers.

On Thursday, the network began facing issues at its hospitals nationwide — some of which had to divert patients to other facilities and stop operation.

In a statement to Recorded Future News, the FBI said it is investigating the ransomware attacks but said they are unable to provide more information because it is an ongoing investigation. No ransomware gang has claimed the attack.

A spokesperson for Prospect confirmed that the hospital “recently experienced a data security incident that has disrupted our operations.”

“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists. While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible,” the spokesperson said.

Several local news outlets across Pennsylvania and Connecticut have reported that the FBI is working directly with the hospitals to respond to the incident.

Eastern Connecticut Health Network wrote on its website that all elective surgeries will be canceled until further notice and facilities for wound healing, imaging, gastroenterology, podiatry, urgent care and women's wellness will be closed for the time being.

“We are reaching out to patients whose care appointments may be impacted today. We will continue to provide information as we receive updates,” the network said on Facebook.

The Associated Press reported that the emergency departments at Manchester Memorial and Rockville General hospitals — both part of Eastern Connecticut Health Network — were shut down as of Thursday.

Local news outlets in California, Connecticut, Pennsylvania, and Rhode Island tracked multiple hospital emergency rooms that were forced to divert patients or close their doors starting on Thursday. Some hospitals posted about the outages on Facebook pages

Prospect Medical Holdings did not respond to follow-up questions about whether it was a ransomware incident but officials at Delaware County’s Crozer Health in Pennsylvania told the Philadelphia Inquirer that they were dealing with a ransomware attack.

The attack on Prospect Medical Holdings mirrors several that have taken place in the last year. CommonSpirit Health — one of the largest nonprofit health care systems in the U.S. – confirmed in October that it was hit with ransomware, causing widespread outages and hospital closures in dozens of states.

An attempted ransomware attack on one of Florida’s biggest hospitals prompted outcry from Senator Rick Scott (R-FL) two weeks ago.

Scott demanded the FBI look into the data stolen during the attack and asked law enforcement to outline what efforts were being made to protect U.S. hospitals, noting the attack on CommonSpirit Health and several others in recent years.

The issue of ransomware attacks on hospitals has become so dire that the Department of Health and Human Services has been forced to release dedicated guides on specific ransomware gangs that have been known to target healthcare facilities.

“When these large hospital chains are hit with ransomware, as CommonSpirit Health was in 2022, it has a disproportionately negative impact on patient care,” said Recorded Future ransomware expert Allan Liska.

“In this case 16 hospitals across 4 states being hit by ransomware simultaneously puts an undue strain not just on patients but also other hospital systems in those states.”

Eric Goldstein, executive assistant director for cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), said the agency is "working in close coordination with our federal and private sector partners... and stands ready to provide any assistance needed."

"This incident underscores the seriousness of the cyber threat to our nation’s critical infrastructure," he said.