Cyber Incident Victim: Hackensack Meridian Health
Date:
Dec 2019
Location:
United States of America
Summary
A New Jersey-based healthcare provider experienced a ransomware attack that disrupted operations across its network of hospitals and clinics, forcing the cancellation of nonemergency procedures and temporarily preventing access to electronic medical records. The organization paid an undisclosed ransom to decrypt files, utilizing insurance coverage for such incidents, while maintaining emergency services without patient harm. Cybersecurity experts and law enforcement were engaged to investigate, with no evidence of unauthorized access to or disclosure of patient data. Systems were restored over the following weeks, allowing medical care applications to resume normal functionality amid broader concerns about rising cyber threats to critical infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Hackensack Meridian Health, New Jersey's largest hospital system operating 17 acute care and specialty hospitals along with psychiatric facilities, nursing homes, and outpatient centers, experienced a ransomware attack beginning December 2, 2019. The attack disrupted network operations across its facilities, forcing the cancellation of some surgical and medical procedures while emergency rooms remained operational. Hospital staff could not access electronic medical records during the incident, requiring the rescheduling of nonemergency surgeries. Fewer than 100 scheduled procedures were canceled systemwide, with no reported patient harm resulting directly from the cyber incident. The IT staff opted to pay the ransom demanded by attackers to obtain decryption keys, though the hospital declined to disclose the payment amount, citing existing insurance coverage for such cyber emergencies. Hackensack Meridian immediately notified law enforcement authorities following the attack and engaged external cybersecurity and forensic experts to manage incident response operations.
Internal restoration efforts continued for nearly two weeks as technical personnel worked to rebuild compromised computer networks. The hospital system confirmed no evidence suggested unauthorized access to or disclosure of protected patient information during the breach. By mid-December 2019, critical computer networks and medical applications supporting patient care services were fully restored across all facilities. In public statements, Hackensack Meridian emphasized the growing frequency of ransomware attacks against healthcare organizations and called for collaborative efforts between public institutions, private companies, and policymakers to strengthen defenses against such threats. The incident highlighted operational vulnerabilities in healthcare infrastructure when electronic systems become unavailable, though contingency measures prevented more severe disruptions to emergency medical services.