Ransomware Attack Disrupts Patient Care at California’s PIH Health Centers

PIH Health, a healthcare network serving Southern California, fell victim to a ransomware attack on December 1, 2024.  

Patients have been advised to expect delays and disruptions. Many were told to bring paper prescriptions and physician orders for services such as lab work and imaging, as electronic systems are offline.

"Patient health records, laboratory systems, pharmacy, radiology, patient registration, and all other information technology systems and tools are down, including internet,” PIH said in a statement.

Described as a "criminal act" by hospital officials, the attack severely disrupted operations across PIH Health's three main hospitals—Downey, Whittier, and Good Samaritan—as well as its urgent care centers, doctor’s offices, home health, and hospice agencies.  

PIH Health said the breach "compromised our network," forcing a complete shutdown of critical systems, including patient health records, laboratory tools, and pharmacy services. Internet and phone lines were also impacted, leaving staff and patients struggling to maintain communication.

The attack has left many families grappling with difficult decisions—either waiting for services to resume or seeking care at other hospitals. Officials are unable to provide a timeline for restoration but assured the public that efforts are underway, supported by cyber forensic specialists and the FBI.

PIH Health reassured patients that no furloughs are planned and promised to notify anyone affected should personal health information be found compromised. They remain committed to minimizing cancellations of surgeries and procedures.

Takeaway: Digital transformation in healthcare—through electronic health records (EHRs), telemedicine, and IoT-enabled medical devices—has brought groundbreaking advancements, but it has also created glaring vulnerabilities that ransomware groups exploit with ruthless precision.  

These ruthless threat actors target critical systems, fully aware that any disruption to patient care can potentially be catastrophic, and they leverage this dire fact to compel ransom payments.

It’s a calculated, morally corrupt, and predatory business strategy where the potential consequences are nothing short of life-threatening.

The financial toll is outrageous. Healthcare organizations can bleed $900,000 daily in downtime, with total recovery costs often exceeding $4 million per attack. But the damage isn’t just financial—it’s existential. These attacks don’t just shut down systems; they delay treatments, interrupt diagnostics, and put lives directly at risk. In a sector where every second counts, this is unacceptable.

Worse still, attackers are weaponizing stolen health data—private diagnoses, medical histories, and more—to extort institutions and individuals alike. Patients already facing medical challenges are now further victimized, forced to endure the exploitation of their most intimate information. This is not just a violation; it’s a moral outrage.

Healthcare’s reliance on outdated systems and lackluster security has made it a soft target. Ransomware groups are evolving faster than defenses, attacking with alarming ease and escalating aggression.

This is a war on healthcare, and it’s a crisis that can no longer be ignored. Governments and industry leaders must act decisively—dismantle ransomware networks, impose harsh penalties on their operators, and close the gaping vulnerabilities that make healthcare such an easy target. Lives are on the line, and failure is not an option.

‍

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.