Kusserow on Compliance: New Jersey’s largest hospital system—Hackensack Meridian Health—subject to ransomware attack

Hackensack Meridian Health announced that it was the subject of a ransomware attack and paid an undisclosed amount to regain control over its systems. Hackensack is the largest health system in New Jersey with $6 billion in annual revenue, more than 35,000 employees, and 17 hospitals—including, Jersey Shore University Medical Center in Neptune, Hackensack University Medical Center, and JFK Medical Center in Edison. The attack brought down the computer network for two days, forcing hospitals to reschedule non-emergency surgeries and sending doctors and nurses scrambling to deliver care without access to electronic records. The health system promptly notified the FBI and other authorities and spoke with cybersecurity and forensic experts. The announcement included that health system had insurance coverage to help cover the costs associated with cyber-attacks—payment, remediation, and recovery efforts. The attack forced hospitals to reschedule nonemergency surgeries and doctors and nurses to deliver care without access to electronic records. The network’s primary clinical systems have now returned to being operational, and information technology specialists are working to bring all its applications back online. The announcement did not include that any patient information was subject to unauthorized access or disclosure.

This is another vivid reminder for health care organizations to prepare for and plan on how to respond to such an attack. Hospitals and providers of health care services continue to be a prime target to ransomware attacks. Their systems tend to be more vulnerable and dependence of their patient data is critical to their function. Any failure to have access to it can be extremely detrimental for patients.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.