Names, social security numbers, and telephone numbers are some of the information that may have been exposed as a result of a cyberattack Capital Health experienced in 2023.
Capital Health is still working to determine who exactly has been impacted from the cyberattack, according to the health system’s statement.
“Likewise, Capital Health is in the process of determining the exact nature of data affected. This work is ongoing,” the health system said.
“Based on our investigation to date, and consistent with other cyber breach incidents which have impacted not only healthcare but other industries as well, we believe there is a possibility that the following types of information may have been involved in the incident: names, addresses, social security numbers, dates of birth, email addresses, telephone numbers and potentially clinical information.”
Capital Health, which operates Regional Medical Center in Trenton and Capital Health Medical Center – Hopewell, along with an outpatient facility in Hamilton is currently in the process of a detailed review of affected files to determine whether personal information and health information was present and to whom the information relates.
“This process is time-intensive, but ultimately necessary to properly identify potentially affected individuals,” they added. “Depending on our findings, we may follow this notice by sending letters to impacted individuals at the mailing address we have on file in accordance with applicable laws.”
Capital Health’s investigation of the cyber breach has been able to determine that an unauthorized actor gained access to their systems from Nov. 11 to Nov. 26 in 2023.
“On or about Dec. 1, the forensic investigation determined that the unauthorized third party acquired and/or accessed certain files on the organization’s network,” they said. “At this point, we have found no evidence that personal information or protected health information has been misused.”
The Capital Health hospitals and clinics continue to operate normally.
The health system is offering complimentary access at no cost to people for identity monitoring, fraud consultation, and identity theft restoration services to help mitigate any potential for harm.
Installing additional endpoint detection and response software, and resetting all passwords are some of the cybersecurity enhancements implemented following the cyberattack.
“Capital Health endeavors to protect the privacy and security of personal information and protected health information,” they said. “We have worked diligently to determine how this incident happened and are taking appropriate measures to prevent a similar situation in the future.”
Capital Health was not the only health system in New Jersey hit by a cybersecurity attack in the previous year.
Hackensack Meridan had two hospitals – Pascack Valley Medical Center in Westwood and Mountainside Medical Center in Montclair – divert patients from their emergency rooms during the cybersecurity attack.
From 2018 to 2022, there has been a 93% increase in large breaches reported to the Office for Civil Rights, a 278% increase in large breaches involving ransomware, according to the U.S. Department of Health and Human Services Office for Civil Rights.
In a report published by the Journal of American Medical Association, the number of American hospitals hit with cyberattacks has more than doubled from 2016 through 2021.