DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

One Brooklyn Health System offline for more than one week — has it been hit with ransomware?

Posted on November 30, 2022 by Dissent

If it sounds like a ransomware attack and they won’t tell you what’s going on for more than one week, I think ransomware sounds like a reasonable guess, and DataBreaches understands why some people are suggesting that. 

On November 25, The City reported:

The computer network system at a major Brooklyn hospital network has been offline since Nov. 19 – leaving medical staff unable to access patient medical records or to upload laboratory and test results to electronic patient portals, according to doctors and other people aware of the situation.

The outage affects One Brooklyn Health System, a consortium that comprises Interfaith Medical Center, Brookdale Medical Center and Kingsbrook Jewish Medical Center.

The situation is ongoing. Yesterday, The New York Post reported:

Patients from Brookdale, Interfaith and Kingsbrook Jewish hospitals — part of the One Brooklyn Health System — have had to seek treatment at other hospitals amid the cybersecurity mess, which has left medical staffers unable to access patient records, sources told The Post.

Some media outlets seem to be getting caught up in city and state politics over this.  That’s unfortunate. Let’s focus on the real issue right now — patient care has been disrupted and is at risk of medical errors due to lack of access to records. One Brooklyn is reportedly transferring patients to other hospitals without any explanation, and according to one source for the New York Post’s story, FDNY’s EMS service kept sending its ambulances to One Brooklyn hospitals because no one told them that One Brooklyn had an IT problem.

Where and what was One Brooklyn Health’s emergency plan? Was it implemented correctly or didn’t it get implemented promptly and completely?

When asked for an explanation about the outage which the NY Post described as a “crash,”  Department of Health spokesperson Jeffrey Hammond reportedly told the press, ““We are aware of the incident, and we are working with One Brooklyn Hospital Network to ensure patient safety. As this is an ongoing investigation, we cannot comment further.”

That last statement is factually incorrect. They certainly can comment further. There is no law that prohibits the DOH or Brooklyn One Health from being forthright with the patients and public. If this is a  ransomware attack, as it appears to be, or even if it isn’t, given the lengthy disruption, they should acknowledge it, hold a press conference to get the word out about disrupted services and expectations, and then post a notice on their website to explain to patients what is going on.

Communications are crucial.

Related posts:

  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
  • Small-Scale Violations of Medical Privacy Often Cause the Most Harm
  • Hospitals in multiple states diverting patients after Ardent Health Services hit with ransomware attack
  • Six U.S. hospital breach reports from July; some have flown under the media radar (1)
Category: Commentaries and AnalysesHealth DataMalwareOf NoteU.S.

Post navigation

← Liability for cyber attacks clarified by Ontario Court of Appeal
Connexin Software notifies parents of 2.2 million pediatric patients of hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.