LOS ANGELES, CA – Cybercriminals have reportedly accessed confidential medical records for 17 million patients at PIH Health hospitals, disrupting operations across its facilities in Downey, Whittier, and Los Angeles. The attack has left patients and staff grappling with canceled surgeries, communication outages, and concerns over the potential exposure of sensitive data.
The breach, first identified on December 1, has forced PIH Health to take its systems offline as a precaution while forensic experts and federal authorities investigate. The health system confirmed that critical services, including phone and internet communications, remain inoperative, and scheduling has been significantly impacted.
Patients have expressed frustration over delays in care caused by the outage. Rebecca Armas, who has been waiting for foot surgery, shared her struggles in reaching her doctor.
“I was scheduled for surgery. I haven’t been able to get an answer on that, and I wanted to change an appointment that I had for this coming week, and I can’t do it because I can’t get through,” Armas said.
PIH Health has advised patients with in-person appointments to arrive early, but many have faced canceled procedures without prior notice. The disruption has caused widespread concern about the healthcare system’s ability to provide timely care.
According to a report, the hackers claim to have stolen records containing personal and medical information for 17 million patients. In a ransom note sent to PIH Health, the cybercriminals reportedly demanded payment, threatening to publish the stolen data if their demands were not met.
“If you’re not going to cooperate and make a deal, then all your confidential files will be published on the internet,” the hackers stated, according to the report.
PIH Health has engaged third-party cyber forensic specialists to investigate the breach. In addition, the Federal Bureau of Investigation (FBI) has been called in to assist with the investigation into what PIH described as a “criminal ransomware attack.”
“We are currently working with the assistance of a third-party cyber forensic specialist to identify the nature and scope of the issue,” a PIH Health spokesperson said in a statement. “We are also working with the Federal Bureau of Investigation (FBI) to investigate this criminal ransomware attack.”
The health system assured patients it is taking every precaution to address the breach and restore services. However, no timeline has been provided for when normal operations will resume.
The attack on PIH Health underscores the growing threat of ransomware in the healthcare sector, where sensitive patient data is a lucrative target for cybercriminals. Hospitals and healthcare systems across the country have faced similar incidents in recent years, prompting calls for stronger cybersecurity measures.
The scope of the PIH breach has raised concerns about the vulnerability of patient information. Cybersecurity experts warn that stolen medical records can be used for identity theft, financial fraud, and even blackmail.
Patients with scheduled appointments or concerns about their records have been advised to contact PIH Health directly, though communication has been hampered by the ongoing network disruption. Officials are urging patients to remain vigilant for signs of identity theft and to monitor their financial accounts for suspicious activity.
The investigation remains active, and PIH Health has pledged to provide updates as more information becomes available. Meanwhile, patients like Armas are left waiting, uncertain about when they will receive the care they need.
For now, the healthcare system continues to work toward restoring its operations and mitigating the damage caused by the breach.
