November 30, 2023 at 02:13PM
Capital Health hospitals in New Jersey are grappling with IT disruptions due to a cyberattack, affecting their network and resulting in operational changes like modified surgery schedules. Emergency services remain open while the organization works with law enforcement and cybersecurity experts to resolve the issue. The entire healthcare network anticipates continued system limitations for at least one more week amidst a broader trend of ransomware attacks on U.S. hospitals.
**Meeting Takeaways:**
1. Capital Health in New Jersey faced a cyberattack leading to IT outages.
2. The affected network connects two hospitals, one outpatient facility, and multiple primary and specialty care practices.
3. Both hospitals are functioning, accepting patients, and attending to emergencies using established downtime protocols.
4. Capital Health has informed authorities and is collaborating with law enforcement, forensic, and IT experts on recovery efforts.
5. Critical system restoration is underway, with surgical procedures being scheduled based on urgency and patient condition.
6. The focus remains on safe patient care, although elective surgeries and some procedures have been adjusted, with minimal current impact on surgical schedules.
7. Outpatient radiology, neurophysiology, and non-invasive cardiology services are currently unavailable and need rescheduling.
8. The network is expected to experience limitations for at least another week, with no specific timeline for complete resolution.
9. Cybersecurity incidents are on the rise within the US healthcare sector, affecting at least 36 US hospitals this year, with some experiencing data theft.
10. The federal government, including HHS, CISA, and FBI, have issued warnings regarding ransomware attacks targeting healthcare organizations. Recent examples include Ardent Health Services and identified ransomware operations such as Royal, Venus, Maui, and Zeppelin, as well as the Daixin Team cybercrime group.
*Actions Required:*
1. Continuously monitor the status of IT system restorations and patient care activities, updating stakeholders as necessary.
2. Coordinate with the IT team and cybersecurity experts to prioritize critical system recovery and to implement enhanced security measures.
3. Arrange for the rescheduling of affected outpatient services and communicate these changes to patients and staff promptly.
4. Liaise with law enforcement and cybersecurity professionals to gather updates and contribute to the ongoing investigation.
5. Prepare for increased inquiries from patients and media, and establish clear communication channels for timely updates.
6. Offer support to healthcare staff across the organization to ensure the continuity of safe patient care during this period.
7. Stay informed about government advisories and potential threats, advising leadership on any recommended preventative measures.