Cyberattack on Prospect Medical Holdings, Mount Graham Regional Medical Center, and McLaren Health Care

On August 1, 2023, Prospect Medical Holdings, based in Los Angeles, CA, discovered suspicious activity in parts of its IT network. The company conducted a forensic investigation to determine the nature and extent of the data breach, and it was established on September 13, 2023, that an unauthorized third party accessed part of its IT network from July 31 to August 3, 2023. During that period, the attacker accessed and/or obtained files that contained the data of a number of patients and workers.

The breached information belongs to patients from these facilities:

  • Foothill Regional Medical Center
  • Los Angeles Community Hospital
  • Los Angeles Community Hospital at Bellflower
  • Los Angeles Community Hospital at Norwalk
  • Southern California Hospital at Culver City
  • Southern California Hospital at Van Nuys
  • Southern California Hospital at Hollywood

Prospect Medical Holdings has additionally affirmed that 24,130 present and past workers and dependents from the Waterbury Health and Prospect Medical’s Eastern Connecticut Health Network (ECHN) facilities likewise had their data compromised. The breached data differed from one person to another and might have contained names along with at least one of the following: address, birth date, diagnosis, laboratory results, medicines, other treatment details, medical insurance data, name of provider/facility, treatment date(s), and financial data. A number of patients likewise had their driver’s license number and Social Security number compromised.

Patients began receiving notification of the data breach on September 29, 2023, and free credit monitoring and ID protection services were provided to people whose driver’s license number or Social Security number was compromised. Prospect Medical Holdings stated that supplemental safety measures and technical security procedures were put in place to better secure and monitor its systems.

The security incident has not yet been published on the HHS’ Office for Civil Rights breach website; nevertheless, the breach report submitted to the Maine Attorney General indicates that 190,492 persons were impacted. Prospect Medical Holdings hasn’t revealed which group was responsible for the attack; however, the Rhysida ransomware group has stated that it was behind the attack.

Acquisition Deal in Jeopardy After the Cyberattack

The three Connecticut hospitals that were impacted by the attack are the subject of an acquisition agreement with Yale New Haven Health. Although the offer to acquire the facilities was decided in October 2022, that deal is now in doubt after the cyberattack. Yale New Haven Health has growing concerns about the purchase of the Waterbury Health and ECHN facilities because of the cyberattack and the declining condition of the facilities.

A representative of Yale New Haven Health stated that a multi-party restoration plan was suggested to preserve the deal, and that it is in talks with Prospect Medical Holdings and is attempting to come to an agreement on a path forward. In case the deal pushes through, the medical facilities will be in danger of closure because they aren’t financially feasible, which would be devastating for the communities where the hospitals are located.

Up to 2.5 Million McLaren Health Care Patients Affected by Ransomware Attack

McLaren Health Care, a 15-hospital health system based in Grand Blanc, Michigan, has reported that it suffered a ransomware attack and warned that the data contained in the stolen patient files could be exposed on the dark web.

The health system detected suspicious activity in its IT systems at the end of August, and it was later established that this was a ransomware attack. During the investigation, the computer network was disconnected from the web, which resulted in disruption throughout its medical facilities, though medical services were made available at all facilities and patient care was not affected.

The ALPHV/BlackCat ransomware group claimed that it was behind the attack and listed McLaren Health Care on its dark web data leak website. ALPHV was created from the now-defunct Conti ransomware group and is known for attacking medical care institutions. The group states that it exfiltrated over 6 terabytes of information during the attack and that the stolen information consists of the sensitive data of 2.5 million individuals. Though McLaren Health Care states all its networks are back online, ALPHV states it still has access to the systems of McLaren Health Care via an active backdoor.

A representative for McLaren Health Care stated it is looking into reports of sensitive information being exposed on the dark web and claims cybersecurity experts have not seen any proof that indicates the group continues to access its IT systems. McLaren Health Care is still reviewing the potentially exposed data and will send notification letters to the impacted persons when that procedure is finished. At this point, there is no confirmation yet from McLaren Health Care regarding the number of affected patients.

Other healthcare companies recently posted on the group’s data leak website include Pain Care Specialists of Oregon, Prestige Senior Living, and MNGI Digestive Health. Data from MNGI Digestive Health was published on the ALPHV leak website after no ransom payment was made. Currently, there is no exposed McLaren Health Care information on the group’s leak website.

Cyberattack on Mount Graham Regional Medical Center

Mount Graham Regional Medical Center, based in Safford, AZ, encountered a cyberattack that affected its network, including its data and communications programs. The medical center confirmed in a press release that it is looking into the matter to find out the scope of the event and whether patient information was exposed.

A representative of the medical facility affirmed that it has notified law enforcement and that third-party specialists were involved to help with the investigation. If the exposure or compromise of patient data is confirmed, the provider will mail notification letters without delay.