Cyberattackers hit Capital Health hospitals in New Jersey


Capital Health has become the latest victim of a wave of cyberattacks against US hospitals. Two New Jersey hospitals experienced network outages that affected their activities.

The Capital Health hospitals, Capital Health Regional Medical Center in Trenton and Capital Health Medical Center – Hopewell in Pennington, were forced to reschedule some elective surgeries and procedures. “Outpatient radiology is currently not available, and neurophysiology and non-invasive cardiology testing will be rescheduled,” the company announced.

The hospitals will continue operating with system limitations, which will not be completely resolved for at least the next week, despite IT teams working around the clock. The company also runs smaller facilities in the region.

All Capital Health Emergency rooms remain open for emergency care, and hospital teams continue to provide medical treatment.

“Both hospitals continue to admit and treat patients who need inpatient care and services,” Capital Health's announcement reads. “Surgeries were prioritized based on the urgency of the case and the critical nature of the patient’s condition.”

Capital Health believes that the network outages are caused by a cybersecurity incident, “something we know is also being experienced at other healthcare organizations across the country.”

After becoming aware of the attack earlier this week, Capital Health’s Information Technology team immediately began to assess the situation, safeguard data, and work to regain system functionality, according to the announcement. The company has notified authorities and is working closely with law enforcement and third-party experts.

At the current time, there are no confirmations whether any patient, employee, or financial data has been exposed. Patient portals with historical data are available to access.

“Capital Health Medical Group practices remain open for all patient visits, as do all other locations such as LIFE and CARES,” the company assures. Its team contacts and advises patients whose cases are being rescheduled.

Cybernews has already reported on ransomware cyberattacks that are spreading chaos in the US and elsewhere.

A few days ago, at least six US-based healthcare institutions belonging to Ardent Health Services also struggled with network outages. The company confirmed it suffered a disruptive ransomware attack. Some social media users suspect Black Suit ransomware to be behind the Ardent attack.

Cyberattacks against hospitals have reached epidemic levels. According to Tenable’s 2021 Threat Landscape Retrospective, close to half of hospitals in the US were shut down due to ransomware attacks, either as a direct result of an attack or to proactively shut down their networks to prevent further infection.

In November, cyber attackers hit a hospital in France, demanding a $10 million ransom. Hospital Clinic de Barcelona in Spain also fell victim to a ransomware attack, which resulted in the cancelation of thousands of medical appointments.

According to a study from the University of Minnesota, ransomware attacks decrease hospital volume by up to a quarter during the initial attack week. They are also life-threatening, as they increase in-hospital mortality for the patients who are admitted at the time of the attack.