Ransomware Attack Impacts Hackensack Meridian Health

Hackensack Meridian Health, the biggest health network in New Jersey, has revealed it was targeted in a cyberattack recently which resulted in ransomware being deployed on its databases. The attack left files encrypted and took its network offline for a number of days.

With no access to computer systems and medical histories, Hackensack Meridian Health was had to cancel non-emergency medical procedures and doctors and nurses had to change to pen and paper to allow care to continue to be given to patients.

The attack was discovered quickly, law enforcement and regulators were immediately alerted, and cybersecurity specialists were consulted to determine the best course of action. The health network initially revealed that it was suffering external technical issues so as not to interfere with the investigation but announced later in the week that the incident was a ransomware attack.

When ransomware is used, files need to be brought back online using backups and systems may need to be rebuilt. That process can take many weeks. In order to prevent ongoing disruption to patient services, the decision was taken to meet the ransom demand. A representative for Hackensack Meridian Health stated: “We believe it’s our obligation to protect our communities’ access to health care.”

The amount of the ransom has not been publicly shared but Hackensack Meridian Health did confirm that it holds a cybersecurity insurance policy that will take into account some of the cost of the ransom payment and remediation attempts.

Hackensack Meridian Health has revealed that its main clinical system is now back online and is fully back in action, but it may take many days before other parts of its system are brought back online.

Many major ransomware attacks on healthcare groups and business associates have been revealed in recent weeks. In the past week alone The Cancer Center of Hawaii revealed it was attacked and was forced to cancel radiology treatments for patients. A ransomware attack was also revealed by a Colorado business associate which affected over 100 dental clinics.