EXECUTIVE SUMMARY:

Two hospitals in New Jersey and Hawaii were recently hit by ransomware attacks, disrupting patient care for several days. One of the healthcare networks in New Jersey reportedly paid the ransom to get systems back online. The Hawaiian cancer center refused to pay and is in the process of investigating the cyber attack.

The New Jersey IT team quickly identified the attack and contacted an outside cyber security firm, regulators, and law enforcement. To ensure that the investigation was not interrupted, officials initially reported that the attack as technical issues. The hospital systems going offline caused non-emergency medical procedures to be cancelled as access EHR system was not available.

Hackers attempted to encrypt data on the cancer center’s network, temporarily disabling it. Critical patient care such as radiation treatments were disrupted. Forensic investigations showed no signs of patient or employee data breaches and the hack was reported to the FBI as the hospital worked with third-party forensic firms.

Ransomware attacks on the healthcare sector are on the rise. The Office for Civil Rights reports that the sector is one of the most targeted and has made recommendations for methods that can better protect healthcare industry systems, “Implementing effective security tools including anti-malware software and intrusion detection/prevention solutions can also help prevent, detect, and contain attacks.”

To learn more about the ransomware attacks disrupting patient care, check out this article from Health IT Security.