A Cyberattack Has Disrupted Hospitals and Health Care in Several States

A cyberattack has disrupted hospital computer systems in several states, forcing some emergency rooms to close and ambulances to be diverted, and many primary care services remained closed on Friday as security experts worked to determine the extent of the problem and resolve it. From a report: The "data security incident" began Thursday at facilities operated by Prospect Medical Holdings, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania. "Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists," the company said in a statement Friday. "While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible." In Connecticut, the emergency departments at Manchester Memorial and Rockville General hospital were closed for much of Thursday and patients were diverted to other nearby medical centers.

[...] The FBI in Connecticut issued a statement saying it is working with "law enforcement partners and the victim entities" but could not comment further on an ongoing investigation. Elective surgeries, outpatient appointments, blood drives and other services were suspended, and while the emergency departments reopened late Thursday, many primary care services were closed on Friday, according to the Eastern Connecticut Health Network, which runs the facilities. Patients were being contacted individually, according to the network's website. Similar disruptions also were reported at other facilities system-wide.

This is exceptionally unsurprising.

[Moryath]

Anyone who's had to work in hospital IT will tell you; they're even more under-resourced and underfunded than public-education IT. Generally only 1-2 IT staff per hospital (if it isn't just outsourced to a phone company in shitty countries like Malaysia or India), massive amounts of endpoints that "can't be upgraded" or "can't be updated" because of arcane medical-certification requirements.

I recently had to help someone source parts to repair a Win98 machine that was still running some sort of medical analysis cart. I didn't ask. I've seen it often enough.

The ironic thing is that this is a direct result of the "for profit" medical system. The 1973 HMO Act has led to this crap, slowly but surely, in the "Enshittification principle" as described by Cory Doctorow.

Re: This is exceptionally unsurprising.

[trancertong]

In my area hospitals are a bit better staffed than that but the second part is dead-on. I've never seen any other industry where more ancient hardware and software is kept alive because of some obscure software or equipment that is absolutely unreplaceable and the vendor is either long gone or just doesn't care. Sure there are mitigating factors but a doctor or *shudder* board member might not see the utility of an air gap and only see that it's making people's jobs more difficult. Hopefully these very pu

Re:

[inode_buddha]

From management's viewpoint, C is the best because then you can point the finger at some outside organization when things go wrong.

Kinda makes you miss....

[cayenne8]

Kinda makes you miss paper records now, doesn't it?

At least for backup...

Re:

[Anonymous Coward]

nope, not at all... we had to revert to paper a couple years ago due to a cyberattack that took us down for weeks... nothing is more concerning than seeing a massive cafeteria with tables pushed together and about 30 old women sorting through MOUNTAINS of paper and running them around the office to the one fax machine that still worked

Who is their cybersecurity provider?

[froggyjojodaddy]

I'm always interested in who their current cybersecurity provider is but it's never mentioned.

Re:

[Anonymous Coward]

windows defender or what ever came with computer

drag 'em off to The Hague

[Thud457]

This shit violates article 19 of the Geneva convention.

These fuckers are AT WAR with Civilization, and we need to treat them thus.

Re:

[Fuck_this_place]

People don't seem to realize, the war in Ukraine is for ALL the marbles. There is also no such thing as neutral, and this is way bigger than it looks.

Re:

[Ferocitus]

This shit violates article 19 of the Geneva convention.

These fuckers are AT WAR with Civilization, and we need to treat them thus.

Excellent plan! First, though, you need to get the US to join the civilizations who are signatories to the ICC. And maybe repeal "The Hague Invasion Act".

President George W. Bush signed the American Service-Members' Protection Act, (informally referred to as The Hague Invasion Act), to signify the United States' opposition to any possible future jurisdiction of the court or its tribunals.
https://en.wikipedia.org/wiki/... [wikipedia.org]

I bet I know what's behind it

[CEC-P]

Without even looking at the article or police report, I would put massive betting odds on them using HCL for their IT department. You know, the $50 billion IT company that specializes in medical stuff? I used to work for them. They have no idea what they're doing and all of their employees have fake degrees. Their network specialist didn't know how to ping an IP address.

Just Look at Their Leadership Team

[laughingskeptic]

MBA, MD, Finance, JD, JD, HR, Nurse, JD -- No one to provide technical input or represent IT needs, much less drive compliance. This is typical in the medical services world. Most boards lean more towards doctors than attorneys but they are consistent in not having a CIO.