The emergency rooms at Hackensack Meridian’s Mountainside Medical Center in Montclair and Pascack Valley Medical Center in Westwood were put on divert status Monday after a network outage due to a potential security incident, Hackensack Meridian Health said.

The incident was declared by Ardent Health Services, which oversees the two hospitals, to be a ransomware attack.

“The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality,” the company said. “Ardent has reported this event to law enforcement and retained thirdparty forensic and threat intelligence advisers.

“In addition to electronic protection procedures already in place, Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible,” the statement said.

“At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.”

Patient care and other Hackensack Meridian hospitals were not being affected by the incident.

Emergency room patients were still receiving proper care, officials said. However, local emergency medical services were being advised to divert patients to other hospitals while the systems issues were being addressed.

“This ensures critically ill patients have immediate access to the highest level of care as we work to bring our systems back online,” Hackensack Meridian Health said.

Nashville-based Ardent, which operates 30 hospitals nationwide, was working to restore full access to facilities and assess the impact of the incident. They also were conducting a further investigation.

History of cybersecurity attacks

Hackensack Meridian, a network with 18 hospitals and 36,000 employees, is no stranger to cybersecurity attacks.

In 2019, hackers disabled its computer network for two days, leaving staff members scrambling to reschedule non-emergency surgeries. Doctors and nurses had to deliver care without access to electronic records.

The hospital network paid an undisclosed amount in ransom to stop a cyberattack that had disrupted its computers. At the time, hospital executives said they had insurance to help cover the costs associated with cyberattacks, including payment, remediation and recovery efforts.

Hospitals targeted nationwide

Hackers began targeting hospitals nationwide more than a decade ago because many had recently converted to digital records from paper. Their data security wasn’t considered as strong as that of banks and other businesses that had been hacked in the past, although advances have been made in recent years.

The attacks often involve ransomware, with hackers disabling systems and promising to return them to normal in return for lucrative payments.

Hospitals are also more likely to pay ransoms, because crippling operations could lead to deadly consequences, security analysts have said.

A successful attack can be costly. In 2020, Newark’s University Hospital reportedly paid a $670,000 ransomware demand to prevent the publishing of 240 gigabytes of stolen data, including patient information.

“At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.”

Hackensack Meridian Health

In a statement