Ransomware Attacks Force New Jersey Hospitals to Divert Ambulances

Date:

November 27, 2023

World map

Two hospital emergency rooms in New Jersey were forced to divert ambulances following a disruptive ransomware attack.

“Both hospitals are part of the Hackensack Meridian Health system - Pascack Valley Medical Center in Westwood, New Jersey, and Mountainside Medical Center in Montclair. There are no details on what the cybercriminals are demanding,” WABC-TV reports.

Hackensack Meridian issued a statement: "As a precaution, our emergency rooms are currently on divert status. There is no adverse impact on patient care." There is no estimation for when services might resume.

Takeaway: Ransomware attacks are one of the biggest threats facing every organization, and healthcare providers have been hit particularly hard. At this point, these attacks are noting short of cyber terrorism.

Criminal ransomware groups know that the impact of an attack against healthcare organizations does not just disrupt operations, it directly impacts their ability to deliver life-saving services.

This puts tremendous pressure on the organization to pay the ransom demand or risk delays on care that put at risk.  

We should feel very fortunate that there have not been more tragic outcomes attributed to disruptions to care caused by the relentless onslaught of ransomware attacks against the healthcare sector.

A recent study found that ransomware attacks against the healthcare sector have cost the US economy of tens of billions of dollars with more than 500 reported attacks impacting nearly 10,000 healthcare facilities resulting in the exposure of over 52 million patient records.

In June, a ransomware attack on SMP Health forced the organization to cease operations and close the St. Margaret’s Health facility, and it was the only healthcare center for the local community.

In August, a ransomware attack disrupted healthcare systems in California, Texas, Connecticut, Rhode Island and Pennsylvania, forcing the suspension of services at emergency rooms and causing ambulances to be diverted to other facilities. The attacks have also caused the suspension of primary care services.

And in October a ransomware attack on Prospect Medical Holdings shuttered emergency rooms, delayed procedures, downed billing systems and caused patients to be diverted to other providers, causing major disruptions to patient care.

Healthcare providers are a favorite target for ransomware operators given they typically have fewer resources to dedicate to security, the networks are often composed of older legacy components, and any downtime is extremely disruptive.

Legacy security tools were simply not designed to address the unique threat that ransomware presents, and this is why we keep seeing disruptive ransomware attacks circumvent these traditional security solutions and impact healthcare organizations.

The average time it takes for an organization to recover from a ransomware attack has been pegged at about three weeks or more according to multiple studies.  

While a private, profitable organization with ample resources may be able to weather such a lengthy disruption to operations, the healthcare game is one of immediacy. Also, patients are different than customers, and in most cases, they cannot afford delays in treatment without putting their health at risk.

There is no way to argue against the fact that ransomware attacks on healthcare providers pose a significant threat to human life.  

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.