Authorities haven't disclosed what's been demanded by the cybercriminals who forced ambulances to divert to other hospitals from Pascack Valey Medical Center in Westwood and Mountainside Medical Center in Montclair beginning on Thanksgiving evening.
Lab work, radiology, scheduling, billing -- basically anything involving computer software -- apparently were affected.
"No one can use the computers in the buildings," a source said. "The hospitals are doing everything by paper. The iPads have cell signal capability, thank goodness. Medics used them to send their charts."
Both hospitals are part of the Hackensack Meridian Health system and its parent company, Ardent Health Services, which owns more than three dozen facilities across the country.
Hackensack Meridian issued a statement early Monday Nov. 27:
"We became aware of a network outage due to a potential security incident that is impacting Hackensack Meridian Mountainside Medical Center and Hackensack Meridian Pascack Valley Medical Center. There is no adverse impact on patient care. No other HMH hospitals are impacted, as they are hosted on a separate network.
"As we work to assess the impact of this outage and restore access, we are following established downtime protocols. As a precaution, our Emergency Rooms are currently on divert status.
We continue to care for patients in both of our ERs, however, we have asked our local EMS systems to temporarily divert patients in need of emergency care to other area facilities while we address our system issues. This ensures critically ill patients have immediate access to the highest level of care as we work to bring our systems back online.
There’s no word on who is behind the computer attack or if anything is being asked of or demanded of the hospital. There’s also no word on when the emergency rooms may begin admitting patients again."
Federal authorities hadn't publicly addressed the situation by the end of the weekend.
Cyberattacks have forced hundreds of health care providers across the country offline over the past several years.
Hackensack Meridian Health paid an undisclosed amount of money following a ransomware attack that affected all 17 of its statewide hospitals and clinics in late 2019.
Hackensack Meridian said at the time that the breach proved that "even the best preparation may not prevent a successful attack."
This year alone, cyberattacks have diverted ambulances from hospitals in Connecticut, Pennsylvania, Florida and Idaho. Nationwide, 209 such attacks have been reported in 2023, up from 162 last year.
Ransomware -- also known as malware -- ordinarily arrives in what appears to be a legit-looking link or email attachment. As soon as it's clicked, or opened, data is encrypted on a computer system that locks it up until a ransom is paid.
Local police departments, school districts and governmental agencies at all levels have been targets, but healthcare providers have been victimized more often than the rest, experts say.
Recovering from cyberattacks can take weeks, according to John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk.
Fewer people are treated, less care is available and patients' survival is threatened -- particularly in those instances of heart attack and stroke.
For those reasons, health care providers have appeared more willing to pay up, despite law enforcement's desire that they don't.
Click here to follow Daily Voice Ridgewood and receive free news updates.