MANCHESTER, Connecticut (AP) — Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted.

Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the extent of the problem and resolve it.

John Riggi, the American Hospital Association’s national advisory for cybersecurity and risk, said the recovery process can often take weeks, with hospitals in the meantime reverting to paper systems and humans to do things such as monitor equipment and run records between departments.

“These are threat-to-life crimes, which risk not only the safety of the patients within the hospital, but also risk the safety of the entire community that depends on the availability of that emergency department to be there,” Riggi said.

The latest “data security incident” began Thursday at facilities operated by Prospect, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania.

“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” the company said in a statement Friday. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”

The White House has been monitoring the cyberattack, said Adrienne Watson, a spokesperson for the National Security Council.

Watson also said in a statement that “the Department of Health and Human Services has been in contact with the company to offer federal assistance, and we are ready to provide support as needed to prevent any disruption to patient care as a result of this incident.”

In Connecticut, the emergency departments at Manchester Memorial and Rockville General hospital were closed for much of Thursday and patients were diverted to other nearby medical centers.

“We have a national Prospect team working and evaluating the impact of the attack on all of the organizations,” Jillian Menzel, chief operating officer for the Eastern Connecticut Health Network, said in a statement.

The FBI in Connecticut issued a statement saying it is working with “law enforcement partners and the victim entities” but could not comment further on an ongoing investigation.

The incident had all the hallmarks of an extortive ransomware but officials would neither confirm nor deny this. In such attacks, criminals steal sensitive data from targeted networks, activate encryption malware that paralyzes them and demand ransoms.

The FBI advises victims not to pay ransoms as there is no guarantee the stolen data won’t eventually be sold on dark web criminal forums. Riggi said paying ransoms also encourages the criminals and finances future attacks.

As a result of the attack, Elective surgeries, outpatient appointments, blood drives and other services were suspended, and while the emergency departments reopened late Thursday, many primary care services were closed on Friday, according to the Eastern Connecticut Health Network, which runs many of the Connecticut facilities. Patients were being contacted individually, according to the network’s website.

Similar disruptions also were reported at other facilities system-wide.