TeamHood 
IT disruptions have impacted Capital Health hospitals and physician offices throughout New Jersey following a cyberattack.
The affected healthcare system oversees two hospitals, namely the Regional Medical Center in Trenton and Capital Health Medical Center in Hopewell. Additionally, an outpatient facility in Hamilton and numerous primary and specialty care practices across New Jersey are under the management of Capital Health.
Capital Health has confirmed that both of its hospitals are presently admitting incoming patients, including those seeking emergency services, following established protocols for system downtime.
Upon detecting the incident, Capital Health promptly notified relevant authorities and is currently collaborating with law enforcement, as well as third-party forensic and IT experts, to restore affected services.
The hospital’s IT team is actively working on the restoration of systems, with a focus on prioritizing surgeries based on urgency and patient condition.
In response to the cybersecurity incident, Capital Health stated, “We are prioritizing safe patient care while working to restore the network and address the impact of this disruption. Capital Health is experiencing network outages due to what we believe to be a cybersecurity incident, a situation also being encountered by other healthcare organizations across the country.”
Despite the network outages, all Capital Health emergency rooms remain open, ensuring the provision of appropriate treatment for patients requiring emergency care. Both hospitals are admitting and treating patients in need of inpatient care and services.
To ensure the delivery of safe patient care, Capital Health has made adjustments to elective surgical and procedure schedules, with minimal impact on surgical schedules. However, outpatient radiology services are temporarily unavailable, and neurophysiology and non-invasive cardiology testing will be reschedule.
Capital Health anticipates operating with certain system limitations for at least an additional week, and a definitive timeline for the complete resolution of the ongoing issues is not currently available.
The prevalence of ransomware attacks on U.S. hospitals has been noteworthy this year, with at least 36 hospitals affected, managing a total of 130 hospitals. Among these, data theft occurred in at least 26 out of the 36 impacted hospitals, according to Brett Callow, a threat analyst at Emsisoft.
Ardent Health Services, a healthcare provider overseeing 30 hospitals across six U.S. states, recently disclosed a ransomware attack that occurred last Thursday. Following the incident, Ardent’s emergency rooms had to redirect individuals in need of emergency care to other hospitals in their vicinity.
The U.S. federal government has consistently issued warnings about ransomware attacks targeting healthcare organizations since the previous year. The U.S. Department of Health and Human Services (HHS) security team, for instance, cautioned about ransomware operations like Royal, Venus, Maui, and Zeppelin targeting Healthcare and Public Health (HPH) organizations.
In October 2022, CISA, FBI, and HHS jointly alerted hospitals to the threat posed by the Daixin Team cybercrime group, emphasizing its focus on conducting ransomware attacks against healthcare institutions.
