vz-risk / VCDB

VERIS Community Database

Prospect Medical Holdings Confirms Ransomware Attack and Subsequent “Data Security Incident” #19962

Open swidup opened 1 year ago

swidup commented 1 year ago

https://www.jdsupra.com/legalnews/prospect-medical-holdings-confirms-8735339/

swidup commented 1 year ago

https://www.wafb.com/prnewswire/2023/11/07/privacy-alert-prospect-medical-holdings-under-investigation-data-breach-patient-records/?outputType=amp

swidup commented 12 months ago

https://ctmirror.org/2023/11/15/ct-echn-data-breach-prospect-medical-cyberattack/ Over 100K CT residents’ data stolen in Prospect hospitals breach

swidup commented 12 months ago

The multi-state data breach impacted Manchester Memorial Hospital, Rockville General Hospital and Waterbury Hospital.

https://www.wtnh.com/news/connecticut/3-connecticut-hospitals-contact-residents-impacted-by-data-breach/

etgifford commented 12 months ago

https://ctmirror.org/2023/10/01/ct-prospect-medical-holdings-hospitals-cyberattack-yale-sale/
https://ctmirror.org/2023/09/26/hospital-execs-to-lamont-lawmakers-seal-the-yale-prospect-deal/

etgifford commented 12 months ago

https://www.hipaajournal.com/prospect-medical-holdings-cyberattack-puts-connecticut-hospital-deal-at-risk/
https://www.scmagazine.com/news/rhysida-claims-responsibility-for-ransomware-attacks-on-prospect-medical-holdings
https://securityboulevard.com/2023/10/a-closer-look-at-prospect-medical-holdings-ransomware-nightmare/

etgifford commented 12 months ago

Prospect Medical Holdings, Inc., HQ: Los Angeles, California, NAICS: 62622, Emp: 18000 (own hospitals, medical groups, provide healthcare services). HHS Office for Civil Rights breach portal indicates 342376 individuals' (employee and patient) information was disclosed: name, address, date of birth, diagnosis, lab results, medications, treatment information, health insurance, provider/facility name, treatment dates, financial information, social security numbers, corporate documents, and patient records. Aug 24, 2023: “Rhysida”, a ransomware-as-a-service group, took credit for the attack, advertising stolen information on the Dark Web for sale for 50 Bitcoins (approx. $1.3MM). The group drops an eponymous ransomware via phishing emails and Cobalt Strike to breach the network and deploy payload. Initial notifications to individuals affected went out Sept 29, 2023. For those with Social Security Numbers disclosed, Prospect offers two years of credit monitoring and identity protection services through IDX. Unauthorized access was gained between July 31 – Aug 3. Ransomware was executed Aug 3, 2023 @04:30. Prospect employees turned on their computers to find ransomware email sent at 09:44. Medical care and ambulances were diverted to other providers/hospitals, nearly half of elected procedures were cancelled; over a 6-week period there were times when X-rays or CT scans could not be processed. Sept 12, 2023: all services back online. The attack caused massive financial loss. A deal for Yale New Haven Health to purchase three hospitals in October 2022 could fall through due to this attack.