New Jersey’s largest hospital network, Hackensack Meridian Health, was attacked last week by cyber criminals who used ransomware to disrupt the organization’s computer systems for about five days.
According to local media reports, while the 17-hospital health system originally declined to acknowledge what caused the attack, a statement from the organization last Friday noted, “Due to developments in the investigation, and on advice of national experts, we could not disclose that this was a ransomware attack until now,” NJ.com reported.
That Dec. 13th statement from health system officials continued, “Our network’s primary clinical systems are operational, and our IT teams continue working diligently to bring all applications back online safely. Based on our investigation to date, we have no indication that any patient or team member information has been subject to unauthorized access or disclosure.” Officials emphasized that patient safety “was not compromised,” noting that approximately 100 elective surgeries were rescheduled, but other disruptions were minimal.
A spokesperson for the union Health Professionals and Allied Employees, or HPAE, told NJ.com, however, that there had been delays in orders and lab work, while clinical staff and others have had to double-check paperwork since the electronic systems were down.
Media reports also noted that Hackensack leaders said that the organization has insurance coverage for these types of emergencies, and used those funds to pay the hackers, as well as other remediation and recovery efforts, though the organization did not disclose how much was paid.
Ransomware attacks continue to plague healthcare organizations across the U.S.; the annual Verizon Data Breach Investigations Report, released earlier this year, revealed that for the second straight year, ransomware incidents were over 70 percent of all malware outbreaks in the sector. Another report from 2018 noted that the number of reported major IT/hacking events attributed to ransomware by healthcare institutions increased by 89 percent from 2016 to 2017.
Hackensack Meridian, based in Edison, N.J., is a $6 billion nonprofit system operating 17 acute care and specialty hospitals, nursing homes, outpatient centers and the psychiatric facility Carrier Clinic.