By Jeff Wardon, Jr., Assistant Editor

PIH Health suffered a ransomware attack that paralyzed operations across three of its hospitals, urgent care centers, doctor’s office, and a home health and hospice agency in California, Whittier Daily News reports. The attack forced staff to use manual documentation and personal devices, which has slowed down operations.  

Hackers claim to have stolen 17 million patient records, including confidential medical and personal data, and demand negotiation in exchange for a decryption key. PIH has acknowledged disruptions but has not confirmed the breach or ransom demands, according to the report. 

Ransomware attacks are becoming a common threat for healthcare facilities to face. They are a major target for ransomware attacks due to the perception of them not having robust cybersecurity protection, Eric O’Neill, former counterterrorism and counterintelligence operative for the FBI, previously told Healthcare Facilities Today. Further complicating matters is the idea that healthcare organizations are likely to pay up on a ransom. 

Related: Alleged Ransomware Administrator Extradited from South Korea

“They are perceived as generally paying because patient care suffers when systems go down,” says O’Neill. “Cyber attackers also know that the healthcare industry maintains very critical data that can cause massive reputation-related harm and severe downstream damage in identity theft. Because of this, they're perceived as being more likely to pay to get their data back or for the cybercriminal to destroy the data and not publish it on the dark web.” 

To defend against and prepare a response to ransomware, CNA recommends that healthcare facilities consider these steps:  

• An assessment of potential cyber threats and how they may disrupt things, from small inconveniences to operational disruptions 
• A comprehensive review of the healthcare facility’s mission-critical operations and the personnel, tools, facilities and systems needed to fulfill these operations 
• Setting clear criteria for making major decisions 
• Backup plans for keeping operations going in without systems such as phones, emails or electronic files 
• Have plans for internal and external communications, including important contact in case internal address books can’t be used 
• Have response plans specific to when partners – including critical vendors, nearby healthcare facilities or local government – are disabled by a cyberattack

Jeff Wardon, Jr., is the assistant editor for the facilities market.