Healthcare , Incident & Breach Response , Industry Specific

One Brooklyn Health Not Over November Cyber Incident

Organization's 3 Hospitals Are Regaining Use of Various Critical Services, CEO Says
One Brooklyn Health Not Over November Cyber Incident
Brookdale Hospital Medical Center is one of the three One Brooklyn Health hospitals still affected by a November cyber incident. (Photo: One Brooklyn Health)

New York-based One Brooklyn Health is slowly recovering from a cybersecurity incident detected on Nov. 19 that disrupted a variety of digital systems at its three safety-net hospitals and other care facilities.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

One Brooklyn CEO LaRay Brown said in a Wednesday statement to Information Security Media Group that the organization has made "considerable progress" in its investigation and remediation.

The organization, which includes three Brooklyn hospitals, two nursing homes and an assisted living program, continues to work with third-party advisers, including cybersecurity experts, to ensure that its systems are brought back online "as quickly and safely as possible, in a way that prioritizes patient care," Brown said.

"There have been no patient harm resulting from IT systems being offline," she added.

One Brooklyn continues to be in regular communication with the New York State Department of Health and other regulatory agencies to share "pertinent updates" in the investigation and restoration process for the incident. "We have also notified law enforcement and continue to work with them as appropriate," Brown said.

Neither the New York state governor's office nor the health department immediately responded to ISMG's request for comment on the One Brooklyn cyber incident.

Restoration Process

As of Wednesday, a variety of clinical applications had been restored, including those used for imaging and other critical services, and access to "a significant number" of workstations for staff use has also been restored.

"We anticipate the restoration of additional high-priority applications in the coming days. Importantly, patient care has not been impacted as a result of this incident."

Brown did not immediately respond to ISMG's inquiries regarding the type of cyber incident One Brooklyn experienced and whether it involved ransomware or a data breach.

Ransomware is a mounting threat for the healthcare industry, which attracts cybercriminals by having quantities of sensitive data, an often-earned reputation for poor cybersecurity and the perception that most physicians would rather pay the ransom than disrupt medical care.

Entities should contact the FBI as soon as they're hit by a cyber incident because, depending on the details, such as ransomware variant, the bureau can sometimes provide a decryptor, said FBI special agent William McDermott during a presentation at the HIMSS cyber forum in Boston this week.

"We won't show up in FBI raincoats. We come in low-key," he said. Much of the FBI's support for dealing with the incidents is also provided remotely.

"We will never announce that you called us," McDermott said.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.