Cyber Incident Victim: One Brooklyn Health
Date: Nov 2022
Location: United States of America
Summary
A cyberattack disrupted a Brooklyn hospital network's operations, forcing system shutdowns and leading to significant service interruptions across three facilities. The incident prevented electronic medical record access, necessitating manual documentation of patient information and direct viewing of test results on imaging machines. Ambulances were rerouted amid communication failures with emergency services, while electronic prescription capabilities were halted, causing delays. The organization engaged third-party experts and law enforcement, distributed hundreds of devices to mitigate outages, and partially restored some clinical systems without paying ransom demands. Patient care continued using contingency protocols, though investigation into potential data compromise remained ongoing.
Description
The One Brooklyn Health System, comprising Interfaith Medical Center, Brookdale Hospital Medical Center, and Kingsbrook Jewish Medical Center, experienced a significant cyber incident beginning on or around November 17-19, 2022. The health system proactively shut down its network upon discovering the disruption, and the network remained offline for over a week. Initial reports indicated an unexplained IT issue, but subsequent investigations confirmed the event as a cybersecurity incident. The attack disrupted electronic medical records (EMR), laboratory systems, imaging platforms, and electronic prescription capabilities, forcing staff to revert to paper-based documentation. Medical personnel could not access patient histories or upload test results to digital portals, requiring them to view CT scans and other diagnostic images directly on testing equipment. Electronic prescription fulfillment, mandated by New York State law since 2016, became impossible, necessitating direct phone calls to pharmacies—a process that extended wait times during peak flu season. Ambulances were rerouted to other facilities, though communication failures with the New York Fire Department’s emergency services reportedly caused coordination gaps. Despite these operational challenges, One Brooklyn Health maintained patient care using established downtime protocols and did not cancel scheduled appointments.

The health system engaged third-party cybersecurity advisors to investigate the breach’s scope and assist with restoration efforts. By early December 2022, limited access to EMR and select clinical applications had been restored, and 250 computers alongside 775 mobile devices were distributed across facilities to mitigate workflow disruptions. CEO LaRay Brown confirmed contact with federal, state, and local law enforcement agencies regarding the cybercrime, though no specific threat actor or malware variant was publicly identified. External claims emerged from former Councilman Sal Albanese and medical attorney James Schiffer alleging a $5 million ransom demand, though One Brooklyn Health neither confirmed nor denied these reports, instead focusing on rebuilding compromised systems. The New York State Department of Health monitored the situation to ensure patient safety but deferred further comment due to the ongoing investigation. Operational impacts included prolonged system recovery timelines, manual prescription processing delays, and temporary ambulance diversions, while the potential compromise of patient data—including social security numbers and addresses—remained undetermined as of mid-December. The incident underscored vulnerabilities in safety-net hospitals serving predominantly low-income populations, though no data misuse or further patient harm was reported during the outage period.
