More than seven months after a cybersecurity attack hit Capital Health, the health system’s investigation of the incident is still ongoing.
At the beginning of July, Capital Health updated its notice to provide more information from the Nov. 28, 2023, attack that disrupted health system operations and gained access to system files and personal information.
“Since then, we have been conducting a detailed review of the affected files to determine whether personal information or protected health information was present and to whom the information relates,” Capital Health said in its website statement.
“At this point, we have begun to identify individuals whose personal information we reasonably believe to have been involved in the incident and are providing written notice at the mailing address we have on file in accordance with applicable laws.”
Some of the information believed by Capital Health to possibly be exposed are names, addresses, social security numbers, dates of birth, email addresses, telephone numbers and clinical information.
Capital Health operates Regional Medical Center in Trenton and Capital Health Medical Center – Hopewell, along with an outpatient facility in Hamilton.
In the investigation of the breach the health system was able to determine that an unauthorized actor gained access to their systems from Nov. 11 to Nov. 26 in 2023, according to Capital Health. In early December that year, it was determined that an unauthorized actor had accessed certain files.
The installation of additional endpoint detection and response software and resetting of passwords are some of the cybersecurity enhancements implemented after the cyberattack.
Capital Health continues to offer complimentary access for identity monitoring, fraud consultation, and identity theft restoration services to help mitigate any potential for harm to people who have been affected by the attack.
Capital Health has not been the only hospital and health system in the state hit by cyberattacks. Last year, around the same time two Hackensack Meridian hospitals, Mountainside Medical Center in Montclair and Pascack Valley Medical Center, were also hit. Those hospitals ended up having to divert patients when the actual cyberattack occurred.
Nationwide, hospitals and health systems have faced increased cyberattacks and ransomware attacks over the recent years.
Emsisoft, a cybersecurity firm, shared in its 2023 report that 46 hospital systems in the United States consisting of 141 hospitals had been impacted by cyberattacks. The firm shared that 32 of the 46 hospital systems had information stolen.