Prospect Medical: Twenty-Nine Emergency Divert Notifications Following Ransomware Attack


October 2, 2023

World map

A ransomware attack in early August on Prospect Medical Holdings forced the suspension of services at emergency rooms, cancelled medical procedures, downed billing systems, and caused ambulances to be diverted at multiple healthcare facilities in several states.  

“Over the course of a more than 40-day breach of three Prospect Medical Holdings hospitals in Connecticut, administrators at two of the facilities issued 29 ‘divert notifications’ to emergency personnel throughout the region,” WSHU reports.

“The hospitals were unable to bill Medicaid for payment, forcing the state Department of Social Services to advance them about $7.5 million. A review of the records shows the facilities had to cancel nearly half of their elective procedures and at times over the nearly six-week period couldn’t process X-rays or CT scans that are vital for treating potential stroke or heart attack victims.”

Facilities impacted included:

  • Connecticut: emergency departments at Manchester Memorial and Rockville General hospital were closed for much of Thursday and patients were diverted to other nearby medical centers.
  • Pennsylvania: services impacted at the Crozer-Chester Medical Center in Upland, Taylor Hospital in Ridley Park, Delaware County Memorial Hospital in Drexel Hill and Springfield Hospital in Springfield, according to the Philadelphia Inquirer.
  • California: seven hospitals in Los Angeles and Orange counties including two behavioral health facilities and a 130-bed acute care hospital in Los Angeles.

“I know we have a lot more to do and [need to] start to have these conversations, because it’s not a matter of if, it’s a matter of when more such attacks are going to happen,” said Sen. Saud Anwar, D-South Windsor, co-chair of the Public Health Committee.

“Shame on us if we don’t learn from what has happened.”

Takeaway: The attack on Prospect Medical Holdings illustrates how fragile our healthcare system is. Given that healthcare providers are a favorite target of some of the most notorious ransomware operators, we are likely to see more major regional healthcare providers suffer disruption that put patients at risk.

There is no way to argue against the fact that ransomware attacks on healthcare providers pose a significant threat to human life.

Attackers know that the more pain they can inflict on a victim, the more money they can extort from them, making healthcare the perfect target because the urgent nature of healthcare puts tremendous pressure on the targeted organization to pay the ransom demand.

Ransomware operators have zero concern about huma life, and they know that the impact of an attack against healthcare organizations doesn’t just disrupt operations - it directly affects the lives of patients – and they simply don’t care.

Criminal elements have significantly advanced their ability to quietly infiltrate large portions of a target's network, exfiltrating sensitive data to be used as additional leverage for demanding a higher ransom payout.

The average time it takes for an organization to recover from a ransomware attack has been pegged at about three weeks or more according to multiple studies. While a private, profitable organization may be able to weather such a lengthy disruption to operations, patients are different than customers, and they cannot afford delays in treatment without putting their health or lives at risk.

Last year CISA warned organizations to remain vigilant with respect to an increased risk from ransomware and destructive data attacks, and a joint alert was issued in early 2023 by CISA, the FBI, NSA, and HHS regarding and increase in ransomware attacks targeting healthcare providers.

We can expect to continue to see healthcare and other critical infrastructure providers be a favorite target given they typically have the least resources to dedicated to securing sensitive systems that can have the widest impact when disrupted in an attack.

The increase in the volume and impact of these attacks is nearing crisis levels, and unfortunately if we don’t get ahead of these attacks, we can likely expect to see systemic disruptions become patient deaths. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile (PDF).