Pierluigi Paganini
August 28, 2023
In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings, which are located in multiple states, including California, Texas, Connecticut, Rhode Island, and Pennsylvania.
Some emergency rooms in multiple hospitals in several states were forced to close and ambulances were diverted due to a cyberattack against their networks.
According to the Philadelphia Inquirer, many services across facilities in Pennsylvania were disrupted, including but not limited to Crozer-Chester Medical Center in Upland, Taylor Hospital in Ridley Park, Delaware County Memorial Hospital in Drexel Hill, and Springfield Hospital in Springfield.
Many primary care services were closed on Friday while third-party security experts started investigating the security incident. In some hospitals, elective surgeries, outpatient appointments, blood drives and other services were suspended on Thursday. In some hospitals, including the Waterbury Hospital, the medical staff was forced to use use of paper records.
Waterbury Hospital is following downtime procedures, including the use of paper records, until the situation is resolved
“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” reads a statement published by the company. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”
The patients of the Manchester Memorial and Rockville General Hospital in Connecticut were diverted to other nearby medical centers.
The impacted patients were being contacted individually, according to the company’s website.
Now the Rhysida ransomware group has claimed responsibility for the cyberattack. BleepingComputer first reported that the group claimed to have stolen a database containing 500,000 social security numbers, corporate documents, and patient records.
The group also claims to have stolen 1 TB of documents.
“They kindly provided: more than 500000 SSN, passports of their clients and employees, driver’s licenses, patient files (profile, medical history), financial and legal documents!!! If you are interested in our partner’s confidential documents, you will be able to purchase them too!!! Total 1TB unique files, as well as 1.3TB SQL database.” states the group on its Tor leak site.
The Rhysida ransomware group is threatening Prospect Medical Holdings to leak the stolen data if the company will not pay a 50 Bitcoins ransom (worth $1.3 million).
The group shared images of social security cards, documents, and patient records as proof of the attack.
The Rhysida ransomware group has been active since May 2023, according to the gang’s Tor leak site, at least 44 companies are victims of the operation.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Rhysida ransomware)
