PIH Health Ransomware Attack: Hackers Claim to Have Stolen 17 Million Patient Records
Ransomware Attack Paralyzes Operations at Three Hospitals
Hackers claim to have retrieved 17 million patient records, including confidential personal and medical information, in a ransomware attack on PIH Health that has paralyzed operations at three hospitals, the Southern California News Group has learned.
Attack Details
The attack, which occurred on December 1, downed computer and most phone systems at PIH Health Downey Hospital, PIH Health Whittier Hospital, and PIH Health Good Samaritan Hospital in Los Angeles. Urgent care centers, doctors’ offices, and a home health and hospice agency operated by PIH were also compromised.
Letter from Hackers
PIH officials declined to comment on a threatening typewritten letter purportedly faxed by the cyber criminals late last week, and said they are working with a cyber forensic specialist and the FBI to untangle the ransomware attack. The letter, which was circulated among several PIH employees, reads: "Be informed, there was a Ghost in your network! So the ghost has taken your data as evidence, and if you’re not going to cooperate and make a deal, then all your confidential files will be published on the internet."
Claimed Stolen Data
The hackers claim to have stolen approximately 2 terabytes of materials, including:
- 17 million patient records that include personal and medical information
- Data for more than 8.1 million "medical episodes" along with patient home addresses, phone numbers, places of employment, and medical expenses
- Lists of confidential diagnoses, test results, patient photos, and scans
- Treatments for thousands of patients, including those diagnosed with cancer
- PIH’s oncology profitability and monthly volumes
- Private emails with patients about their treatments and test results
- About 100 active nondisclosure agreements between PIH and other medical organizations and parties
- Confidentiality agreements with employees
PIH’s Response
PIH officials on Wednesday declined to comment on the letter, stating they are working with a cyber forensic specialist and the FBI to untangle the ransomware attack. The FBI also declined to discuss the ongoing investigation.
Patient Care and Operations
Despite the attack, PIH officials stated that they are working to provide care to patients safely using downtime procedures at all facilities. Patients are being notified of appointments, and treatment plans are being written by hand due to the lack of electronic recordkeeping.
Employee Experience
An employee of PIH reported that the internet workaround has been chaotic, with staff members using their personal cellphones to remind patients of appointments and fighting for temporary hotspots to connect laptops. "They are scrambling," the employee said. "It’s a day-to-day thing. The majority of locations have not used paper in 15 years. It’s a stark awakening."
Conclusion
The ransomware attack on PIH Health is a concerning incident that highlights the vulnerability of healthcare organizations to cyber threats. As the healthcare industry continues to rely on digital systems, it is crucial for organizations to prioritize cybersecurity and invest in robust protection measures to prevent such attacks.
FAQs
Q: What happened in the PIH Health ransomware attack?
A: Hackers claim to have stolen 17 million patient records and are demanding a ransom.
Q: Which hospitals were affected?
A: PIH Health Downey Hospital, PIH Health Whittier Hospital, and PIH Health Good Samaritan Hospital in Los Angeles were all affected.
Q: What data was stolen?
A: The hackers claim to have stolen approximately 2 terabytes of materials, including patient records, medical data, and confidential information.
Q: How is PIH Health responding to the attack?
A: PIH officials are working with a cyber forensic specialist and the FBI to untangle the ransomware attack and provide care to patients safely using downtime procedures.
Q: Is the FBI investigating the attack?
A: Yes, the FBI is investigating the attack along with PIH Health and a cyber forensic specialist.