By Melanie Evans
This article is being republished as part of our daily reproduction of WSJ.com articles that also appeared in the U.S. print edition of The Wall Street Journal (December 14, 2019).
One of New Jersey's largest hospital systems said it was hit this month by a ransomware attack that disrupted care across its clinics and 17 hospitals.
Hackensack Meridian Health said Friday the attack began Dec. 2 and forced it to cancel some surgical and other procedures, though no patients were harmed and its emergency rooms kept seeing patients.
The nonprofit, based in Edison, N.J., said it is now trying to fully restore its computer systems after paying an unspecified ransom. Hackensack Meridian declined to say when it paid the ransomware.
Ransomware is a malicious software that locks down computers until the victims make payment. It has become a costly, debilitating threat across various industries and crippled city services across the U.S. this year.
Attacks on hospitals and health systems, who have been digitizing their operations and record-keeping, have proven to be hugely disruptive, in some cases leaving small physician groups unable to recover.
Victims have been forced to cancel some elective procedures, shut down computer networks to prevent further spread of the virus and temporarily revert to using paper records.
Hackensack Meridian said the attack didn't force the hospital to send patients elsewhere or see a drop in emergency room visits. It said it did cancel fewer than 100 scheduled procedures as a result of the attack and bad weather.
"As the frequency of these crimes grow, it is imperative that we work collectively -- non-profit and for-profit organizations, large companies and small -- with regulators and lawmakers to safeguard our vital enterprises and institutions," the system said in a statement.
The hospital system wouldn't say how much of a ransom it paid. "We believe it's our obligation to protect our communities' access to health care," it said.
Nearly two weeks after the attack, the hospital system continues to restore its computer networks. Yet the computer networks and applications used for medical care is back up and running, the system said. Its hospitals include Hackensack University Medical Center in Hackensack, Jersey Shore University Medical Center in Neptune and JFK Medical Center in Edison.
Hackensack Meridian's investigation into the attack hasn't found evidence that the attack created a leak of private-patient or employee information, the statement said. It hired cybersecurity and forensic experts to investigate and alerted the Federal Bureau of Investigation of the attack.
New Jersey's Health Department worked closely with the hospital system's leadership team as the hospital system sought to restore its networks, a spokeswoman for the agency said.
The system said roughly a week ago it had suffered "externally-driven technical issues" but didn't immediately disclose it was a ransomware victim on the advice of experts.
Write to Melanie Evans at Melanie.Evans@wsj.com