IT Outage Linked to Ransomware Attack at California Healthcare Provider
PIH Health, a regional healthcare provider in Southern California, has confirmed that it is grappling with an ongoing IT outage following a ransomware attack on December 1. The attackers claim to have exfiltrated 17 million patient records from the organization, which serves over three million residents across Los Angeles and Orange counties, including the San Gabriel Valley. The outage has disrupted patient care and day-to-day operations across several facilities.
The attack has severely impacted three key hospitals: Downey Hospital, Good Samaritan Hospital, and Whittier Hospital, along with various urgent care centers, doctor’s offices, and home health services. In a statement issued Wednesday, PIH Health noted that the organization is actively collaborating with cyber forensic specialists to address the situation and determine the extent of the data breach. Notably, the organization has committed to notifying individuals if their protected health information is confirmed to be compromised.
Amid these challenges, the attackers reportedly sent PIH Health a threatening letter, claiming they possess 2 terabytes of stolen data and are prepared to publish it if their demands are not met. Details of any specific ransom demand and the identity of the attackers remain undisclosed. The letter, partially revealed by a local news outlet, warned of the presence of a "ghost" in the network, an apparent claim of continued access, and made clear that the stolen data is being held as leverage for negotiation.
The ongoing IT issues have forced PIH Health to implement downtime procedures across its facilities. Emergency rooms and urgent care centers continue to operate, but the organization has warned that some procedures and surgeries may face cancellations due to these technology-related disruptions. Additionally, patients are advised to bring physical copies of physician orders for outpatient services, as electronic order access remains impeded.
PIH Health pharmacies are also experiencing complications, particularly with filling new prescriptions and refills. Patients are being instructed to bring original medication containers and paper prescriptions, although controlled substances cannot be dispensed from paper orders. The organization is working to mitigate the effects of the outage while cooperating with local police and fire departments and with the FBI on the investigation.
This is not PIH Health's first reported breach: in 2020 it disclosed a separate email phishing incident affecting over 200,000 individuals. As the legal ramifications unfold, multiple law firms have begun to show interest in representing potential victims of this latest incident. If the attackers' claim of 17 million records is substantiated, this breach could rank as one of the largest health data breaches reported in 2024, judged against the breaches logged by the U.S. Department of Health and Human Services.
Security experts are alarmed by the frequency and severity of such attacks in the healthcare sector and expect disruptive incidents to continue unless defenses are substantially strengthened. PIH Health has not disclosed how the attackers got in or which group is responsible, so any mapping of this incident to the MITRE ATT&CK framework is generic rather than confirmed: ransomware intrusions against healthcare providers typically involve initial access (phishing being a common vector), privilege escalation to obtain broader access, exfiltration of sensitive data to use as extortion leverage, and finally the impact stage, in which systems are encrypted or otherwise disrupted, producing the kind of outage described here.
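The exfiltration stage is the one that leaves the clearest footprint on the network: moving 2 terabytes out of a hospital environment means sustained, high-volume outbound transfers from a small number of hosts. The following is an added example, not code from the original article or from PIH Health, of the simplest detection for that pattern: summing bytes each internal host sends to external addresses per 24-hour window and flagging hosts above a volume threshold. The flow records, the internal network ranges, and the 50 GB threshold are all assumptions constructed for illustration; real deployments would tune the threshold against each host's own baseline.

```python
"""Flag internal hosts sending unusually large volumes to external addresses.

Added example for the ATT&CK Exfiltration tactic (TA0010). The flow
records, network ranges and threshold below are constructed for
illustration; they are not data from the PIH Health incident.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed internal address space (RFC 1918). Checked explicitly rather than
# via ipaddress.is_private, because Python also treats the documentation
# ranges used for the sample "external" destinations below as private.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed flow records: (timestamp, source IP, destination IP, bytes sent).
# 10.20.5.17 pushes 75 GB to two external hosts within a few hours; the
# other hosts show ordinary volumes or purely internal transfers.
SAMPLE_FLOWS = [
    ("2024-12-01T01:00:00", "10.20.5.17", "203.0.113.45", 25_000_000_000),
    ("2024-12-01T01:30:00", "10.20.5.17", "203.0.113.45", 30_000_000_000),
    ("2024-12-01T02:10:00", "10.20.5.17", "198.51.100.9", 20_000_000_000),
    ("2024-12-01T09:00:00", "10.20.7.3", "192.0.2.10", 1_200_000_000),
    ("2024-12-01T09:05:00", "10.20.7.3", "10.20.1.50", 90_000_000_000),  # internal
    ("2024-12-01T10:00:00", "10.20.9.8", "198.51.100.22", 500_000_000),
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_bytes_by_host(flows, window=timedelta(hours=24)):
    """Sum bytes each internal host sends to external destinations.

    Flows are grouped into tumbling windows aligned to the Unix epoch, so a
    24-hour window starts at midnight UTC. Internal-to-internal traffic and
    inbound traffic are ignored. Returns {(host, window_start): total_bytes}.
    """
    epoch = datetime(1970, 1, 1)
    totals = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        if not is_internal(src) or is_internal(dst):
            continue  # only internal -> external transfers count as exfil candidates
        t = datetime.fromisoformat(ts)
        bucket = epoch + ((t - epoch) // window) * window
        totals[(src, bucket)] += nbytes
    return dict(totals)


def flag_exfiltration(flows, threshold_bytes=50_000_000_000,
                      window=timedelta(hours=24)):
    """Return [(host, window_start, total_bytes)] above the threshold, largest first."""
    totals = outbound_bytes_by_host(flows, window)
    hits = [(host, start, n) for (host, start), n in totals.items()
            if n > threshold_bytes]
    return sorted(hits, key=lambda hit: hit[2], reverse=True)


if __name__ == "__main__":
    for host, start, total in flag_exfiltration(SAMPLE_FLOWS):
        print(f"{host} sent {total / 1e9:.1f} GB to external hosts "
              f"in the window starting {start.isoformat()}")
```

A volume threshold is deliberately crude: attackers who stage data over days or route it through a sanctioned cloud storage service (ATT&CK T1567, Exfiltration Over Web Service) can stay under a fixed daily cap, so the per-host totals are more useful as a deviation from that host's own historical baseline than as an absolute cutoff, and they should be correlated with the destination (newly seen ASN, non-business hours) before anyone is paged.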
The broader implications of such incidents not only threaten patient privacy but also challenge the operational integrity of healthcare providers. To protect against these risks, stakeholders in the healthcare sector must prioritize cybersecurity resources and consider comprehensive strategies to mitigate vulnerabilities. As the investigation continues, healthcare organizations are urged to reassess their cybersecurity postures to safeguard against future attacks.