With the news that numerous hospitals in the Ascension network across the United States had to shut down their computer systems due to a cybersecurity incident, medical staff across the country were once again reverting to paper-based charting, and the final day of care was dramatically disrupted. It changed to
One Michigan doctor said he did not have access to medical records, labs, radiology or X-rays, nor the ability to order them, the Detroit Free Press reported.
“We have to put everything on paper. It's like in the 1980s and 1990s. You go to the X-ray room and look at the X-rays on film, and you call the lab and they tell you the results. You can get it,” the doctor said. It's much more of a hassle because it's over the phone, but we're training for moments like that. ”
Another Maryland man said his partner, a 69-year-old woman, had a number of medical problems and was admitted to Ascension St. Agnes Hospital in Baltimore last night, but they also did not have all her medical records. It was written on paper. To make matters worse, the hospital doctor is unable to receive the woman's medical history from the general practitioner (GP), and the hospital doctor is unable to send the recent tests done at the hospital to the general practitioner, who then performs the tests. That was almost impossible. Make sure her doctor consults her and treats her appropriately.
Ascension, which operates 142 hospitals and 40 senior living facilities in 19 states and the District of Columbia, is the largest nonprofit Catholic health care system in the United States, with revenues of $28.3 billion in 2023.
The nonprofit organization said in a statement on May 9 that it detected unusual activity on “some technical network systems” on May 8. [unspecified] Cyber security incident.
“At this time, we continue to investigate the situation,” Ascension said in a statement. “Our care teams are trained to prepare for this type of disruption and have initiated steps to ensure the delivery of patient care remains safe and to minimize the impact as much as possible.Clinical Our operations have been disrupted and we continue to assess the impact and duration of the disruption.”
Ascension hired Google Mandiant to assist with the investigation and remediation process and notified the appropriate authorities. The statement said it is investigating what information may have been affected and will notify those affected if sensitive information has been stolen.
“The Ascension attack following Change Healthcare shows that the threat of malicious actors targeting healthcare is more than just a threat,” said First Health Advisory Chief Security Officer and SC Media columnist. said one Toby Gawker. Both the largest and smallest healthcare providers can even intimidate ER patients who are trying to get into a bed for emergency care. ”
BlackFog founder and CEO Darren Williams added that healthcare consistently ranks in the top three sectors when it comes to ransomware. Mr Williams said the large amount of sensitive data combined with the potential to cause large-scale disruption made the sector an attractive target for cybercriminals.
“The attack on Ascension Hospital, along with the recent Change Healthcare attack, clearly demonstrates the healthcare industry's failures when it comes to preventing attacks and protecting patient data,” Williams said.
John Bambenech, president of Bambenek Consulting, said the attack is similar to ransomware and could quickly revert healthcare to paper medical records. Bambenek said similar incidents have occurred at several area hospitals and health care chains in recent months, as multiple ransomware groups target these types of organizations.
“Some of these organizations have become ‘regular customers’ of ransomware groups, reflecting a degree of complacency and a pervasive mindset that there is little that can be done to prevent it. Therefore, a combination of insurance, paper charts, and risks must be used to manage risk.'' Accepting increased mortality rates is increasingly typical of hospitals enduring such attacks. approach,” Bambenek said. “As a result, only cyber insurers can actually force change, and they can place conditions on policy renewals and post-breach responses.”
