Ransomware Attack Hits Brooklyn Hospital Center; Some Patient Data Unrecoverable

Nov. 7, 2019

The Brooklyn Hospital Center in New York has notified patients of a security incident involving malware that infiltrated some of the organization’s data servers.

Officials became aware of the ransomware attack at the 464- bed, community teaching hospital located in downtown Brooklyn in July when they noticed unusual activity relating to certain hospital servers. An investigation determined it was malware that encrypted certain systems and had disrupted the operation of some of the hospital’s data servers, although officials attest that there is no evidence that data was actually accessed or acquired by the attackers.

But then in September, hospital officials got more bad news. The investigation confirmed that due to the malware, certain patient data was unrecoverable. “While our recovery efforts are ongoing, based on this determination, we are undertaking a diligent review of the patient data that may be potentially impacted by this event and taking steps to notify those individuals whose records may no longer be available. To date, we are unaware of any actual or attempted access to or misuse of medical or personal information,” hospital officials stated.

The unrecoverable information may have included patient names and certain dental or cardiac images, they noted, adding that they are “reviewing policies and procedures relating to data security and taking steps to enhance our existing security protocols.”

While there have been differing reports on if ransomware attacks on healthcare organizations are on the rise or not—some believe they actually decreased in 2018—industry cybersecurity professionals are still concerned about these types of incidents since the impact on the victim organization can be quite significant.

For example, notes Clyde Hewitt, executive Advisor at Texas-based cybersecurity company CynergisTek, the typical hospital can expect to lose $100,000 per bed over the 60-day period it takes a hospital to recover from a widespread ransomware event to the point from which their patients’ insurance plans start paying again. For most providers, he says, “this has significant cash-flow implications. While most of the claims are eventually paid, hospitals should expect a 6 to 10 percent reduction due to lost charge capture for the period they had to operate with paper medical records.”

Beyond that, ransomware attacks impact not only clinical systems, “but can also stop all back-office functions such as timekeeping, payroll, HR, physical security systems, contracts, and supply chain management,” Hewitt says. “For organizations that can survive the cash flow, immediate recovery cost, and then the long-term remediation cost to address the issues that lead to the attack, they can expect their capital investments in new clinical-facing technology to be adversely impacted for a minimum of a year or even longer.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?