Health

Hackers target 2 more Southern California hospitals

File: The entrance to Hollywood Presbyterian Medical Center in Los Angeles.
File: The entrance to Hollywood Presbyterian Medical Center in Los Angeles.
Flickr Omar Bárcena/Creative Commons

Hackers have attacked two more Southern California hospitals and federal authorities are investigating the case, according to the hospitals’ parent company.

Prime Healthcare Services Inc., a fast-growing national hospital chain, said a malware attack disrupted computer servers on Friday at two of its California hospitals, Chino Valley Medical Center in Chino and Desert Valley Hospital in Victorville.

The company said late Monday the cyberattack didn’t affect patient safety or compromise patient records.

“This is similar to challenges hospitals across the country are facing, and we have taken extraordinary steps to protect and expeditiously find a resolution to this disruption,” said Fred Ortega, a spokesman for Prime Healthcare.

Ortega said the company notified the FBI and that the agency is investigating the malware attack.

A spokeswoman for the FBI didn’t have an immediate comment late Monday.

Federal law enforcement has been investigating a similar case at Hollywood Presbyterian Medical Center in Los Angeles. Last month that hospital said it paid a $17,000 ransom in bitcoin to hackers who had seized control of the hospital’s computer systems.

The hackers used malware to infect Hollywood Presbyterian’s computers and demanded payment to return access to patient data.

Ortega declined to answer questions about whether there was any ransom demand, citing the ongoing investigation.

“We received a malware attack and we were able to identify the issue early on,” Ortega said. “The concern now is to let law enforcement do their thing and find the culprit.”

Ortega said the two hospitals affected remain operational and steps are being taken to restore their computer systems to full functionality. He said some IT systems were shut down by hospital staff as a preventive measure so malicious software didn’t spread further.

The company said it’s working with data security experts and the California Department of Public Health on the matter.

Prime Healthcare, based in Ontario, Calif., has acquired struggling hospitals across the country and has become one of the nation’s largest health systems. It runs 42 hospitals in 14 states. The company is led by its outspoken chairman and chief executive, Dr. Prem Reddy.

A series of high-profile data breaches in the past year have raised fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling on millions of Americans.

Prime Healthcare has faced trouble over lapses on patient privacy in the past.

In 2013, the company agreed to a $275,000 settlement to resolve a federal investigation involving a breach of patient confidentiality. Officials found that Prime’s Shasta Regional Medical Center had shared a woman’s medical files with journalists and sent an email about her treatment to all hospital employees.

This story was produced by Kaiser Health News, which publishes California Healthline, a service of the California Health Care Foundation.