Hackers demanded a ransom from two more Southern California hospitals last week and federal authorities are investigating the case.
Prime Healthcare Services Inc., a fast-growing national hospital chain, said the attackers infiltrated computer servers on Friday at two of its California hospitals, Chino Valley Medical Center in Chino and Desert Valley Hospital in Victorville.
The company said the cyberattack had not affected patient safety or compromised records on patients or staff.
Two sources familiar with the investigation said the hackers had demanded a ransom to unlock the hospital computer systems, similar to what happened last month at Hollywood Presbyterian Medical Center in Los Angeles. Hollywood Presbyterian said it paid $17,000 in bitcoin to hackers to regain access to the institution’s computers.
Fred Ortega, a spokesman for Prime Healthcare, declined to comment on whether Prime received a ransom demand or paid any money, citing the ongoing investigation.
“This is similar to challenges hospitals across the country are facing, and we have taken extraordinary steps to protect and expeditiously find a resolution to this disruption,” Ortega said. “The concern now is to let law enforcement do their thing and find the culprit.”
FBI spokeswoman Laura Eimiller said Tuesday “we are investigating a compromise of the network at these locations.” She declined to discuss specifics of the case. The FBI also has been investigating the attack at Hollywood Presbyterian.
Ortega said the two hospitals affected remain operational and steps are being taken to restore their computer systems to full functionality. He said some IT systems were shut down by hospital staff as a preventive measure so malicious software didn’t spread further.
The company said it’s working with data security experts and the California Department of Public Health on the matter.
Prime Healthcare, based in Ontario, Calif., has acquired struggling hospitals across the country and has become one of the nation’s largest health systems. It runs 42 hospitals in 14 states. The company is led by its outspoken chairman and chief executive, Dr. Prem Reddy.
A series of high-profile data breaches in the past year have raised fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling on millions of Americans.
Prime Healthcare has faced trouble over lapses on patient privacy in the past.
In 2013, the company agreed to a $275,000 settlement to resolve a federal investigation involving a breach of patient confidentiality. Officials found that Prime’s Shasta Regional Medical Center had shared a woman’s medical files with journalists and sent an email about her treatment to all hospital employees.
This story was produced by Kaiser Health News, which publishes California Healthline, a service of the California Health Care Foundation.