Hackensack Meridian Health (HMH) faced a proposed class action lawsuit over a December 2019 ransomware attack.
Hackensack Meridian Health experienced the attack on December 2, 2019, and it crippled the computer network used by the defendant’s 17 hospitals for two days.
It left facilities under the HMH umbrella unable to reschedule non-emergency surgeries, and doctors and nurses were locked out of patient records.
HMH did not notify patients of the ransomware incident, nor did it report the breach to the Department of Health and Human Services.
Those responsible had gained access to portions of their computer systems and made certain files unreadable via encryption, holding hostage a critical portion of HMH’s network.
That portion contained patient records, the case relays.
The attack compromised names, demographic details, dates of birth, Social Security and driver’s license numbers, employment data, and medical information protected by the Health Insurance Portability and Accountability Act of 1996—HIPAA.
TPRM report: https://scoringcyber.rankiteo.com/company/hackensackmeridianhealth
"id": "hac2023201222",
"linkid": "hackensackmeridianhealth",
"type": "Ransomware",
"date": "12/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'name': 'Hackensack Meridian Health',
'size': '17 Hospitals',
'type': 'Healthcare'}],
'attack_vector': 'Network Intrusion',
'data_breach': {'data_encryption': 'Yes',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Medical Information']},
'date_detected': '2019-12-02',
'description': 'Hackensack Meridian Health (HMH) experienced a ransomware '
'attack on December 2, 2019, which crippled their computer '
'network used by 17 hospitals for two days. The attack '
'encrypted patient records and other sensitive information, '
'leading to a proposed class action lawsuit.',
'impact': {'data_compromised': ['Names',
'Demographic Details',
'Dates of Birth',
'Social Security Numbers',
"Driver's License Numbers",
'Employment Data',
'Medical Information'],
'downtime': '2 Days',
'identity_theft_risk': True,
'legal_liabilities': ['Proposed Class Action Lawsuit'],
'operational_impact': ['Unable to Reschedule Non-Emergency '
'Surgeries',
'Doctors and Nurses Locked Out of Patient '
'Records'],
'systems_affected': 'Computer Network'},
'motivation': 'Financial Gain',
'ransomware': {'data_encryption': True},
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': ['Proposed Class Action Lawsuit'],
'regulations_violated': ['HIPAA']},
'title': 'Hackensack Meridian Health Ransomware Attack',
'type': 'Ransomware'}