Healthcare Cybersecurity Crisis: A case study on recent outages in New Jersey

In recent news, New Jersey witnessed a distressing trend affecting healthcare systems: cyber breaches leading to network outages and disruptions in hospital services. Hackensack Meridian Mountainside Medical Center and Pascack Valley Medical Center, owned by Ardent Health Services, encountered a significant network outage due to a potential security incident. This unfortunate event led to emergency rooms being placed on divert status, impacting patient care protocols. However, according to Chiara Marababol, a spokeswoman for Mountainside and Pascack Valley medical centers, there is no adverse impact on patient care.

This incident is part of a larger-scale outage affecting various Ardent Health Services network facilities, encompassing 37 hospitals in Texas, New Mexico, and Oklahoma. Comparable outages were reported at Texas hospitals owned by Ardent, accentuating the breadth of this issue.

Despite the disruption, healthcare providers diligently follow established downtime protocols while assessing the impact and working toward system restoration. Patient care remains a top priority, albeit with necessary adaptations. Both emergency rooms continue to provide essential services. However, local EMS systems have been requested to temporarily divert patients to alternative facilities to ensure critically ill individuals have immediate access to high-quality care.

Notably, this incident isn't an isolated case in New Jersey. Earlier reports highlighted cyber incidents affecting other medical institutions. CentraState Medical Center in Freehold encountered a ransomware attack late last year, compromising the data of approximately 617,000 patients. Additionally, Capital Health, a medical system with hospitals in Trenton and Hopewell, experienced network outages due to a cybersecurity issue, causing disruptions in elective surgeries and outpatient radiology services, among others.

These occurrences underscore the growing threat posed by cybercriminals targeting healthcare systems. A cybercrime researcher at Drexel University emphasized that such attacks are often financially motivated, typically involving organized crime groups seeking ransom payments. He suggested that these incidents are likely ransomware attacks, where criminals turn off networks or servers, demanding compensation for restoration.

Given the critical nature of healthcare services, these cyber incidents have substantial implications for patient care. Disruptions in elective surgeries and specialized tests create challenges in delivering comprehensive healthcare services, especially when hospitals are typically busy handling seasonal illnesses like flu and respiratory diseases.

The impact of these cyber breaches extends beyond immediate network outages, potentially compromising sensitive patient, employee, and financial data. As healthcare systems grapple with these challenges, primary care facilities remain unaffected, ensuring ongoing patient care.

Despite efforts to restore systems and resume normal operations, uncertainties linger regarding the duration of these limitations. Hospitals anticipate operating under restricted system functionality for at least a week, emphasizing the need for comprehensive cybersecurity measures and heightened vigilance in safeguarding critical healthcare infrastructure against cyber threats.