HACKENSACK, N.J. — Earlier this month, Hackensack Meridian Health fell victim to a targeted ransomware attack, causing an IT disruption that impacted its 17-hospital network that forced one of New Jersey’s largest hospital systems to remit an undisclosed sum of ransomware payment.
Hackensack Meridian said the payment amount could not be divulged due to confidentiality agreements.
Hospital officials of the Edison-based nonprofit said the incident was discovered fast, and staff immediately notified the FBI and other law enforcement and regulatory authorities to commence remediation efforts. An investigation is currently ongoing with support from external cybersecurity and forensic experts.
“Due to the extraordinary efforts of our physicians, nurses, and clinical teams, patient safety was not compromised,” read a news release from Hackensack Meridian Health. “We apologize for any inconvenience this may have caused our patients. We routinely explore ways to enhance the security of our systems including implementing new and sophisticated information security tools and will continue to do so.”
The Wall Street Journal reported that the cyberattack coupled with inclement weather caused Hackensack Meridian to cancel less than 100 scheduled procedures.
Ransomware is a malicious software designed to block access to a computer system until a sum of money is paid. Because these kinds of cyberattacks are common among health care organizations, the hospital has comprehensive coverage to pay for costs associated with such attacks.
“Investing in cyber security systems to protect our patients’ welfare, as well as our ability to continue to deliver high-quality care, has been the top priority for our leadership and Board of Trustees,” read the statement. “In fact, it must be a fundamental part of comprehensive emergency planning for all health care systems given the nature of the services we provide.”
In the last three weeks since an investigation on the Dec. 2 incident has been active, the hospital has “no indication that any patient or team member information has been subject to unauthorized access or disclosure.”
“The safety and care of our patients remains our priority,” said the statement. “Our network’s primary clinical systems are operational, and our IT teams continue working diligently to bring all applications back online safely.”