On Dec. 13, New Jersey’s largest hospital system announced it paid off hackers who disrupted its medical facilities with a ransomware attack.
The Dec. 2 attack at Hackensack Meridian Health, based in Edison, forced all hospitals and clinics to reschedule approximately 100 nonemergency surgeries and staff had to care for patients without access to electronic records, reports nj1015.com. No patients were harmed and its emergency rooms kept seeing patients.
The attack affected the hospitals’ computer software systems, including scheduling, billing, labs and radiology, according to reports.
The system notified the FBI and other authorities and spoke with cybersecurity and forensic experts. New Jersey’s Health Department also worked closely with hospital leaders to restore its systems.
A statement from the Meridian said it was not aware of any impact to the confidentiality of health information, including patient records.
“We believe it’s our obligation to protect our communities’ access to healthcare,” said another statement, adding the breach “makes it clear that even the best preparation may not prevent a successful attack.”
The amount paid was not made public and Meridian said it is covered by insurance. The system has not said if it has regained access to its records but that its network’s primary clinical systems have returned to being operational and that IT specialists are working to bring all of its applications back online.
Hackensack Meridian, a $6 billion non-profit, operates 17 acute care and specialty hospitals, nursing homes, outpatient centers, and a psychiatric facility.
Other hospitals and healthcare networks have been hit by ransomware over the past few months, including DCH Health System hospitals in Alabama, which also paid a ransom.
These attacks are affecting more than just wallets. A new study released last month found U.S. hospitals that experienced data breaches or ransomware attacks saw an increase in the death rate of their heart attack patients for months and years after the incidents.
The study also found the death rate increase is not caused by the actual attackers, but rather how the healthcare systems remediate their breaches.