« Information Technology
  

17 Million Patient Records Stolen in PIH Health Ransomware Attack

A ransomware attack halted operations across three of PIH’s hospitals.

By Jeff Wardon, Jr., Assistant Editor


PIH Health suffered a ransomware attack that paralyzed operations across three of its hospitals, urgent care centers, doctor’s office, and a home health and hospice agency in California, Whittier Daily News reports. The attack forced staff to use manual documentation and personal devices, which has slowed down operations.  

Hackers claim to have stolen 17 million patient records, including confidential medical and personal data, and demand negotiation in exchange for a decryption key. PIH has acknowledged disruptions but has not confirmed the breach or ransom demands, according to the report. 

Ransomware attacks are becoming a common threat for healthcare facilities to face. They are a major target for ransomware attacks due to the perception of them not having robust cybersecurity protection, Eric O’Neill, former counterterrorism and counterintelligence operative for the FBI, previously told Healthcare Facilities Today. Further complicating matters is the idea that healthcare organizations are likely to pay up on a ransom. 

Related: Alleged Ransomware Administrator Extradited from South Korea

“They are perceived as generally paying because patient care suffers when systems go down,” says O’Neill. “Cyber attackers also know that the healthcare industry maintains very critical data that can cause massive reputation-related harm and severe downstream damage in identity theft. Because of this, they're perceived as being more likely to pay to get their data back or for the cybercriminal to destroy the data and not publish it on the dark web.” 

To defend against and prepare a response to ransomware, CNA recommends that healthcare facilities consider these steps:  

  • An assessment of potential cyber threats and how they may disrupt things, from small inconveniences to operational disruptions 
  • A comprehensive review of the healthcare facility’s mission-critical operations and the personnel, tools, facilities and systems needed to fulfill these operations 
  • Setting clear criteria for making major decisions 
  • Backup plans for keeping operations going in without systems such as phones, emails or electronic files 
  • Have plans for internal and external communications, including important contact in case internal address books can’t be used 
  • Have response plans specific to when partners – including critical vendors, nearby healthcare facilities or local government – are disabled by a cyberattack

Jeff Wardon, Jr., is the assistant editor for the facilities market. 



December 20, 2024


Topic Area: Information Technology , Security

Recent Posts

Designing Safe and Supportive Senior Care Facilities for Veterans

Veterans deserve a space that honors their service while supporting their unique needs as they age. 

Ground Broken on AdventHealth Celebration New Patient Tower

The new eight-story patient tower will bring the hospital’s bed count 437.

Designing for Rural Healthcare Access

Architects and designers can improve reach and outcomes by reimagining healthcare environments as inclusive, supportive, community-focused spaces.

STV Completes Flood Resilience Project at NYC Health + Hospitals/Metropolitan in East Harlem

New floodwalls and floodgates ensure the metropolitan hospital can withstand a one-in-500-year storm.

Los Angeles County Healthcare Facilities Battle Wildfires

Certain key facilities have burned down or narrowly escaped evacuations.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.