Add New Jersey’s largest health system to the list of healthcare providers hit by ransomware attacks in 2019 - Hackensack Meridian, which operates 17 acute care and specialty hospitals, nursing homes, outpatient centers, and a psychiatric facility.
Over 90 US healthcare facilities have been hit so far this year, making business continuity planning and routine resilience exercises a must for providers.
Cause for alarm
What’s alarming about the attack on Hackensack Meridian is the size of the target and what such attacks forebode for 2020 and beyond:
(1) Attackers could begin demanding substantially higher payouts;
(2) As in other sectors, attackers could threaten to publish protected and other sensitive data to gain more negotiating leverage, making good on those threats should their demands not be met;
(3) Attacker could stage coordinated attacks against neighboring hospitals, first responders and law enforcement agencies, greatly complicating attempts to divert patients and services, particularly for emergency surgery and ICU-based interventions; and
(4) Commercial insurers could (a) insist on evidence of stronger cybersecurity controls and operational resilience planning, (b) tighten their underwriting practices more generally, and (c ) raise premiums for coverage, while also carving out key provisions.