Hackensack Meridian Health Recovering from Ransomware Attack

Hackensack Meridian Health, the largest health network in New Jersey, has announced it experienced a cyberattack last week that saw ransomware deployed on its network. The attack saw files encrypted and took its network offline for two days.

Without access to computer systems and medical records, Hackensack Meridian Health was forced to cancel non-emergency medical procedures and doctors and nurses had to switch to pen and paper to allow care to continue to be provided to patients.

The attack was detected quickly, law enforcement and regulators were immediately notified, and cybersecurity experts were consulted to determine the best course of action. The health network initially announced that it was experiencing external technical issues so as not to interfere with the investigation but confirmed later in the week that the incident was a ransomware attack.

When ransomware is deployed, files need to be restored from backups and systems may need to be rebuilt. That process can take several weeks. In order to prevent continued disruption to patient services, the decision was taken to pay the ransom demand. A spokesperson for Hackensack Meridian Health said, “We believe it’s our obligation to protect our communities’ access to health care.”

The amount of the ransom has not been publicly disclosed but Hackensack Meridian Health did confirm that it holds a cybersecurity insurance policy that will cover some of the cost of the ransom payment and remediation efforts.

Hackensack Meridian Health has confirmed that its main clinical system is now back online and is fully operational, but it may take several days before other parts of its system are brought back online.

Several major ransomware attacks on healthcare organizations and business associates have been announced in the past few weeks. In the past week alone The Cancer Center of Hawaii announced it was attacked and was forced to postpone radiology treatments for patients. A ransomware attack was also announced by a Colorado business associate which impacted more than 100 dental practices.

In its latest cybersecurity letter, the HHS’ Office for Civil Rights explains how HIPAA compliance can help prevent ransomware attacks and ensure healthcare organizations recover from attacks quickly if hackers succeed in breaching their defenses.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.