The hospital system was forced to reschedule surgeries and appointments as a result of a ransomware attack.
Hackensack Meridian Health, New Jersey’s largest hospital system, told media outlets that it had been targeted by a cyberattack on December 2, crippling its computer systems for nearly five days.
“Our network’s primary clinical systems are operational, and our IT teams continue working diligently to bring all applications back online safely,” according to a statement, issued to New Jersey Local News, on Friday. “Based on our investigation to date, we have no indication that any patient or team-member information has been subject to unauthorized access or disclosure.”
The ransomware attack impacted anything with computer software, including scheduling and billing systems, labs and radiology.
Subsequently, the attack led to roughly 100 elective surgeries being rescheduled.
The hospital has not announced how much of the ransom was paid, or if any of the data has been recovered. In addition, it did not give any information as to how the systems were first infected and what data was impacted.
“It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks,” said Joseph Carson, chief security scientist at Thycotic, to Threatpost.
“You would assume that the industry would have implemented an incident response plan and a solid backup/recovery process by now. However, we still see struggles once a system is infected as it spreads through the network, forcing IT to revert to pen and paper. We have to accept that people are going to click on stuff so we need to raise the priority of implementing the principle of least privilege, which will reduce the possibility of ransomware infecting systems and spreading throughout the network.”
Other hospitals including the DCH Health System have been hit by ransomware over the previous months.
The post #Privacy: New Jersey’s largest hospital system pays ransom appeared first on PrivSec Report.