Hackers have demanded a ransom from two more Southern California hospitals and federal authorities are investigating the case, according to a report from Kaiser Health News. Prime Healthcare Services Inc., a national hospital chain, said the attackers infiltrated computer servers at two of its California hospitals, Chino Valley Medical Center in Chino and Desert Valley Hospital in Victorville. The company said the cyberattack had not affected patient safety or compromised records on patients or staff.
Two sources familiar with the investigation told Kaiser that the hackers had demanded a ransom to unlock the hospital computer systems, similar to what happened last month at Hollywood Presbyterian Medical Center in Los Angeles. Hollywood Presbyterian said it paid $17,000 in bitcoin to hackers to regain access to the institution’s computers.
Fred Ortega, a spokesman for Prime Healthcare, declined to comment on whether Prime received a ransom demand or paid any money, citing the ongoing investigation.
“This is similar to challenges hospitals across the country are facing, and we have taken extraordinary steps to protect and expeditiously find a resolution to this disruption,” Ortega said. “The concern now is to let law enforcement do their thing and find the culprit.”
“We are investigating a compromise of the network at these locations,” FBI spokeswoman Laura Eimiller said. She declined to discuss specifics of the case. The FBI is also investigating the attack at Hollywood Presbyterian.
Ortega said the two hospitals affected remain operational and that steps are being taken to restore their computer systems to full functionality. He said some IT systems were shut down by hospital staff as a preventive measure so that malicious software couldn’t spread further.
The company said it is working with data security experts and the California Department of Public Health on the matter.
Prime Healthcare, based in Ontario, California, runs 42 hospitals in 14 states. The company has faced trouble over lapses on patient privacy in the past. In 2013, Prime agreed to a $275,000 settlement to resolve a federal investigation involving a breach of patient confidentiality. Officials found that the company’s Shasta Regional Medical Center had shared a woman’s medical files with journalists and had sent an email about her treatment to all hospital employees.
A series of high-profile data breaches in the past year have raised questions about the ability of hospitals, health insurers, and other medical providers to safeguard the troves of electronic medical records and other sensitive data they are stockpiling on millions of Americans, Kaiser noted.
Source: Kaiser Health News; March 22, 2016.