Cyber Incident Victim: CentraState Healthcare System
Date: Dec 2022
Location: United States of America
Summary
CentraState Healthcare System experienced a cybersecurity incident involving an IT shutdown and network outages, prompting patient diversions to nearby facilities while operating under electronic health record downtime procedures with manual paper-based processes. The hospital isolated affected systems to contain the incident, maintaining patient care without adverse effects but requiring EMS providers to redirect incoming cases for an unspecified duration. Technical disruptions began during a shift change, leading to ongoing recovery efforts with no confirmed impact on personal or protected health information.
Description
CentraState Medical Center in New Jersey began experiencing technical disruptions related to an IT security issue on December 30, 2022, prompting immediate operational changes. The hospital detected system anomalies during the morning shift change, leading administrators to isolate affected systems and proactively shut down the network to contain potential threat proliferation. This network outage necessitated activation of patient diversion protocols, with emergency medical services directed to route incoming patients to alternative facilities for an indeterminate period. Clinical operations transitioned to electronic health record downtime procedures, requiring staff to document patient care manually using available paper records maintained on-site. Hospital leadership, including CEO Tom Scott, publicly emphasized that core patient care services continued without significant adverse effects despite these technical challenges. The incident investigation remained ongoing as of the initial disclosure, with no public attribution to specific threat actors or confirmation of ransomware involvement. External cybersecurity advisories noted this incident occurred during a period of heightened alert for healthcare sector attacks, following warnings about increased holiday-season targeting by malicious actors.

The healthcare provider maintained manual clinical workflows while assessing the scope and origin of the security incident, with restoration timelines remaining unspecified in public communications. CentraState's official statement reiterated that patient care standards were preserved through established contingency plans, though the diversion protocol created operational dependencies on neighboring hospitals. No evidence of personal health information compromise or data exfiltration was disclosed during the initial response phase. Recovery efforts focused on systematic validation of system integrity before phased reactivation, consistent with standard incident response protocols for critical infrastructure environments. The prolonged network outage demonstrated the hospital's reliance on interconnected digital systems for routine patient intake and coordination with regional emergency services. Business continuity measures successfully prevented complete operational paralysis but could not eliminate service limitations requiring sustained manual workarounds. Hospital administrators provided no subsequent updates regarding full system restoration or conclusive findings from their forensic investigation beyond the initial December 30 disclosure.
