Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

New Jersey Health Network Pays Up in Ransomware Attack

New Jersey's largest hospital health network has paid threat actors an undisclosed sum to restore data compromised in a cyber-attack.

Hackensack Meridian Health's computer systems were shut down after being infected with ransomware on Monday, December 2. The attack caused major disruptions to services at 17 hospitals, nursing homes, and urgent care centers operated by the network.

Elective surgeries for roughly 100 patients were rescheduled as a result of the ransomware incident. Hackensack Meridian Health employees who were unable to access electronic records had to revert to using a paper-based system to deliver care. 

The ransomware payment, together with the costs associated with recovering from a cyber-attack, were covered by Hackensack Meridian Health's insurance policy, according to Asbury Park Press.

At first, Hackensack Meridian Health was reluctant to disclose the true nature of the problem, citing only that it was grappling with "externally-driven technical issues." 

But, on Thursday, December 5, news of the ransomware attack was leaked to NJ Advance Media by a hospital IT professional who chose to remain anonymous.

Bridget Devane, a spokesperson for the union Health Professionals and Allied Employees, or HPAE, confirmed on Friday, December 6, at 5 p.m., that "northern New Jersey hospitals are definitely back online."

Describing the disruption caused by the incident, Devane said: "There have been delays in orders and lab work, and they are having to double-check paperwork carefully to make sure everything is accurate."

According to NJ Advance Media, the health network confirmed the ransomware attack and the payment of the ransom in a statement released on Friday, December 13.

The statement read: "Due to developments in the investigation, and on advice of national experts, we could not disclose that this was a ransomware attack until now.

"Our network’s primary clinical systems are operational, and our IT teams continue working diligently to bring all applications back online safely. Based on our investigation to date, we have no indication that any patient or team member information has been subject to unauthorized access or disclosure."

Hackensack Meridian Health, which is based in Edison, New Jersey, has more than 35,000 employees and generates around $6bn in annual revenue.

What’s Hot on Infosecurity Magazine?