Ascension, one of the largest nonprofit health systems in the United States, has been grappling with the aftermath of a significant ransomware attack since early May. This incident has brought to light serious operational vulnerabilities and has had a cascading impact on patient care across its facilities nationwide.
The cyberattack, which was detected on May 8, forced Ascension to take many of its electronic systems offline, including those crucial for patient documentation, medication ordering, and test results. This disruption has persisted for weeks, severely hampering the ability of medical staff to provide efficient care and raising significant safety concerns.
The on-the-ground reality of healthcare cyberattacks. https://t.co/xlThFVnZAQ
— Matt Sztajnkrycer (@NoobieMatt) June 19, 2024
The attack was reportedly initiated when an Ascension employee inadvertently downloaded malware, leading to unauthorized access to the hospital’s network. The initial response involved shutting down affected systems to prevent further spread, which resulted in the suspension of electronic health records (EHR) access and other critical functions across 19 states.
In the wake of the attack, Ascension has been working tirelessly to restore its systems. As of early June, the hospital chain announced partial restoration of its EHR systems in several locations, including Florida, Alabama, and Austin, Texas. Full restoration across all facilities is expected by mid-June.
Patients at Ascension hospital network given lethal doses of narcotics after disastrous cyberattack https://t.co/bYE01CRAmM pic.twitter.com/GqasH3QPvd
— Daily Mail Online (@MailOnline) June 19, 2024
The prolonged downtime of electronic systems has had a notable impact on patient care, particularly in critical units. Nurses at Ascension Via Christi St. Joseph in Wichita have reported significant challenges in managing medication dosages and verifying patient information, which are crucial for the care of vulnerable patients such as preterm babies.
Lisa Watson, a medical ICU nurse, described the situation as "a recipe for disaster," highlighting the risks of medication errors due to the lack of automated systems. This sentiment was echoed by other medical professionals who pointed out that manual processes are not only time-consuming but also prone to errors.
The Ascension cyberattack is part of a growing trend of ransomware attacks targeting healthcare institutions. These attacks exploit vulnerabilities in outdated or poorly secured systems, often demanding hefty ransoms to restore access. The prolonged recovery time in Ascension’s case has drawn criticism from cybersecurity experts who argue that health systems should have more robust backup and recovery protocols in place.
In response to these challenges, Ascension has offered credit monitoring and identity theft protection services to affected patients and employees. Additionally, there is a push for enhanced cybersecurity measures to prevent future incidents and ensure the resilience of healthcare IT infrastructure.