Ambulances diverted after New York hospitals hit by cyber attack

It's all too easy sometimes to imagine that a cyber attack is confined to the digital world, and that - although disruptive - it may not have serious consequences in real life.

Maybe the attack which happened last week in New York will make you think differently.

A cyber attack hit the infrastructure of Westchester Medical Center Health Network, impacting the computer systems of HealthAlliance Hospital in Kingston along with Margaretville Hospital and Mountainside Residential Care Center.

In an attempt to manage what must have been a difficult situation, a decision was made to shut down all of Westchester Medical Center Health Network's connected IT systems at 10pm on the night of Friday 20 October, and to slowly bring them back online on a rolling basis over the weekend.

By Monday, all systems were reportedly restored.

However, during the period when essential IT systems were offline a decision was made to divert ambulances to other hospitals.

Although the hospitals underline that the decision was made to ensure patient safety it would have inevitably resulted in delayed care for some patients and additional workload and stress for staff.

Westchester Medical Center Health Network says that it is working closely with the New York State Department of Health, has sought assistance from third-party cybersecurity experts, and has informed law enforcement about the incident.

Although ambulances were diverted as a result of the cyber attack, the hospitals remained opened throughout and continued to accept walk-in patients who were either treated on site or were transferred to other facilities.

At present it has not been determined if any patient data was compromised during the incident which sounds suspiciously like a ransomware attack.

Cybercrime can have real, non-digital consequences. Some ransomware groups in the past have claimed that they deliberately do not target healthcare organisations because of this, but it seems that - all too often - they are in as much danger as the rest of us.

In August 2023, hospitals and clinics across several states found themselves offline for weeks as they struggled to restore systems following a cyber attack.