Hackers claim they have retrieved 17 million patient records, including confidential personal and medical information, in a ransomware attack on PIH Health that has paralyzed operations at three hospitals, the Southern California News Group has learned.
The Dec. 1 attack downed computer and most phone systems at PIH Health Downey Hospital, PIH Health Whittier Hospital and PIH Health Good Samaritan Hospital in Los Angeles. Also compromised were urgent care centers, doctors offices and a home health and hospice agency operated by PIH.
PIH officials on Wednesday declined to comment on a threatening typewritten letter purportedly faxed by the cyber criminals late last week, saying they are working with a cyber forensic specialist and the FBI to untangle the ransomware attack. The FBI also declined to discuss the ongoing investigation.
“Be informed, there was a Ghost in your network!” reads the letter circulated among several PIH employees. “So the ghost has taken your data as evidence, and if you’re not going to cooperate and make a deal, then all your confidential files will be published on the internet.”
Whittier Informed, a grassroots news organization, first reported the letter’s content.
SCNG received a copy of the letter from a PIH employee who declined to be identified because they are not authorized to speak about the cyber attack. A similar letter was faxed to PIH Whittier Hospital’s Emergency Department on the evening of Nov. 30 but initially was not taken seriously by staff on duty, the worker said.
Purportedly, neither letter contained specific demands and it is unknown if PIH has paid a ransom to the hackers. No known group has taken credit for the attack.
The most recent letter states the cyber thieves found PIH’s network “highly vulnerable,” with data stored insecurely on computer servers. The hackers claimed to have stolen about 2 terabytes of materials, including:
To validate their claims, the hackers included in the letter a link to screenshots of PIH’s monthly oncology reports and patient billing information.
“You have to resolve these issues immediately,” states the letter, which promises to provide PIH a “decryption key” to restore computer servers if its demands are met. “Contact our recovery team to discuss the situation and we’ll provide you with assistance.”
PIH said on its website it does not have any information about patient information being compromised and will contact affected individuals if more information becomes available.
Meanwhile, patient health records, laboratory systems, pharmacy, radiology, patient registration, and all other information technology systems and tools, including internet access, are down at the three hospitals, urgent care centers, doctors’ offices, and home health and hospice agency.
Phone lines for PIH Health Whittier and PIH Health Downey have been rerouted to operators at PIH Health Good Samaritan Hospital in Los Angeles, where the lines remain functional.
“However, we continue to provide care to patients safely using our downtime procedures at all of our facilities,” PIH Health spokesperson Amanda Enriquez said in an email. “As these procedures entail non-electronic documentation, records and communication, staff are having to adjust to changes in their regular workflows.”
PIH’s internet workaround during the cyber crises has been chaotic, said an employee. Staff members are using their personal cellphones to remind patients of appointments and must jockey for temporary hotspots scattered throughout the medical facilities to connect laptops, according to the worker.
Additionally, patient information, treatment plans and prescriptions have to be written by hand because electronic recordkeeping is unavailable.
“They (PIH) are scrambling,” said the employee, who added that many workers are volunteering for overtime shifts to staff overwhelmed departments. “It’s a day-to-day thing. The majority of locations have not used paper in 15 years. It’s a stark awakening.“
Watsonville Community Hospital in Watsonville also was attacked by hackers over the Thanksgiving weekend, according to Becker’s Healthcare, which noted that medical systems are often victimized around holidays when IT staff and employees are off.
More information about what patients should expect due to the PIH ransomware attack can be found on its website.
[contact-form]