17M Patient Records Stolen in Ransomware Attack on Three California Hospitals

A staggering 17 million patient records, containing sensitive personal and medical information, have been stolen in a devastating ransomware attack on PIH Health.

The cyberattack, which began on December 1, has disrupted operations at three hospitals: PIH Health Downey Hospital, PIH Health Whittier Hospital, and PIH Health Good Samaritan Hospital, as well as affiliated urgent care centers, doctors’ offices, and a home health and hospice agency.

According to the Daily News report, the hackers behind the attack claim to have extracted 2 terabytes of data and have threatened to release the information online unless their demands are met.

In a typewritten letter allegedly sent to PIH Health, the cybercriminals declared, “Be informed, there was a Ghost in your network! … If you’re not going to cooperate and make a deal, then all your confidential files will be published on the internet.”

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

Data Breach Details

The stolen data reportedly includes:

• Personal and medical records of 17 million patients.
• Information about 8.1 million medical episodes, including patients’ home addresses, phone numbers, workplaces, and medical expenses.
• Confidential diagnoses, test results, patient photos and scans, and treatment plans for thousands, including cancer patients.
• Sensitive internal documents, such as PIH’s oncology profitability reports and private emails with patients.
• Around 100 active non-disclosure agreements with other organizations, as well as employee-related confidentiality agreements.

Screenshots of PIH’s oncology reports and billing information were shared by the hackers as proof of the breach.

Despite the severity of the attack, PIH officials have not disclosed if a ransom was paid or if negotiations with the attackers are underway. The FBI is collaborating with cybersecurity experts to investigate the breach, but neither has released further details.

PIH Health spokesperson Amanda Enriquez stated, “We continue to provide care to patients safely using our downtime procedures at all of our facilities. These procedures entail non-electronic documentation, which requires significant workflow adjustments.”

The hospital system has promised to notify affected individuals if evidence confirms their information was compromised.

The attack has crippled PIH Health’s IT systems, including patient health records, laboratory tools, radiology, and pharmacy services.

Internet access at medical facilities has been disrupted, forcing staff to rely on personal cell phones and temporary internet hotspots for communication. Telephone operations have been consolidated at PIH Health Good Samaritan Hospital due to outages at other locations.

This incident serves as a grim reminder of the ongoing vulnerability of healthcare institutions to cyberattacks, raising urgent questions about data security and patient privacy.

For now, PIH Health is racing against time to recover its systems, safeguard operations, and restore trust among its patients.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free