By Erin McClam, CNNMoney
A cyberattack may be crippling hospitals in the United States, apparently involving attacks that are “likely coordinated” and “looking for vulnerabilities,” according to the Department of Homeland Security.
“We are aware of hospital systems becoming infected with ransomware,” DHS said in a statement.
Security firm Proofpoint issued a report Friday detailing the attack. It said at least two hospitals are affected, but most hospitals would likely not be affected by the ransomware if they keep electronic medical records stored on other systems and not computers.
Proofpoint said it is working with hospitals and law enforcement to investigate the situation.
White House Chief of Staff John Kelly told reporters that the White House is aware of the report.
“We are aware of it, we’re working with the department and hospital systems in the United States to investigate it,” Kelly said.
The Hospital Association of New York State said on Saturday that its hospitals were experiencing an “intolerable level of power outages and the threat of operating room shutdowns” after hackers demanded $300 in bitcoins to release data.
“We are making every effort to restore full power to the affected medical facilities. We will not be providing any additional updates until we have concluded our investigations,” said Ira Brenner, a spokesman for the state association.
Hospitals need computers because they rely on them to coordinate the care of patients. Hackers would be allowed to look at private records and patient records, if they stole them.
Clive Duguid, the vice president of operations at North Shore University Hospital on Long Island, said he saw an unusual amount of activity on Friday.
“I’ve been in this business for 35 years, and my biggest fear is this type of thing happening to us,” Duguid said. “We have seen things and we’ve anticipated it for the last couple of years.”
Duguid said he was able to confirm that the hospital’s software was not affected, and he reassured patients that medical records, discharge plans and medical records are safe. The hospital said the power outage could be due to an “energetic external event.”
Hospitals are also working to restore online operations.
Memorial Sloan Kettering reported that its IT infrastructure was disrupted, and is working to restore service, according to a statement. It did not immediately respond to a request for comment on whether the hospital was affected by the ransomware attack.
Pennsylvania health network St. Joseph’s Health, which has the Health Alliance Network and has 22 acute care hospitals, did not immediately respond to a request for comment.
Karen Ignagni, CEO of America’s Health Insurance Plans, called the hacking “bizarre.”
“The American public relies on healthcare providers to protect their personal information, but we have not seen any pattern in the reports,” Ignagni said in a statement. “It seems like somebody out there is learning how to get away with this kind of activity.”