
Cyber Incident Victim: Capital Health

Date: Oct 2023

Location: United States of America

Summary

Capital Health experienced a cybersecurity incident causing network outages, disrupting certain services while maintaining emergency care and hospital admissions. Outpatient radiology remained unavailable, with neurophysiology and non-invasive cardiology testing rescheduled, while elective surgeries faced initial adjustments but saw minimal ongoing impact. The organization engaged law enforcement and third-party experts to restore systems, though data exposure remains unconfirmed. The incident aligns with broader ransomware trends targeting healthcare entities, where attackers typically seek financial gain by blocking system access, as seen in recent attacks on other health systems that diverted ambulances and forced reliance on paper records during recovery efforts.

Description

Capital Health, a New Jersey-based health system operating hospitals in Trenton and Pennington along with primary care offices statewide, began experiencing network outages earlier in the week of November 2023. The organization identified these disruptions as a cybersecurity incident, aligning with similar attacks targeting other U.S. healthcare entities. Upon detection, Capital Health’s Information Technology team initiated immediate containment measures, including system safeguards and functionality assessments. The health system promptly engaged law enforcement agencies and enlisted third-party forensic and information technology experts to assist in investigating the breach and restoring operations. While the exact attack vector remained unspecified, external cybersecurity experts cited in media reports characterized the incident as consistent with financially motivated ransomware attacks typically orchestrated by organized crime groups seeking payouts.

The cyberattack significantly disrupted clinical operations, forcing Capital Health to implement emergency downtime protocols. Outpatient radiology services became unavailable, while neurophysiology and non-invasive cardiology testing appointments required rescheduling. Surgical teams prioritized cases based on medical urgency and patient condition, leading to some elective procedure delays, though minimal scheduling impacts persisted as recovery efforts advanced. Emergency departments maintained full operational capacity across all facilities, and inpatient care continued without diversion. Capital Health Medical Group practices, LIFE, and CARES facilities remained open with intact patient visit schedules. Patient portals retaining historical medical data remained accessible, though the health system could not confirm whether patient, employee, or financial data suffered unauthorized exposure. Internal IT personnel and external consultants worked continuously to restore systems, anticipating network limitations would persist for at least one week post-incident. This event followed closely after ransomware attacks disrupted Ardent Health Services hospitals during Thanksgiving and Prospect Medical Holdings affiliates in August 2023, both of which experienced comparable operational interruptions including ambulance diversions and paper record utilization.
