Cyberattack hits national healthcare system Ascencion
Hospitals across the nation were disrupted Thursday after mega-health system Ascencion confirmed it was hit by a cyberattack amid heightened concerns over cybersecurity in health care and an alarming surge in breaches.
Health care workers in several states including Wisconsin, Michigan and Florida reported interruptions to patient care Thursday as Ascencion, one of the largest private healthcare systems in the U.S., grappled with the attack. The St. Louis-based health system with 140 hospitals across the United States said it first detected the attack Wednesday and clinical operations continued to be impacted, pushing hospitals to sever connections to its online system.
“On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event,” Ascension said in a statement Thursday. “At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues.”
The Ascencion breach comes amid renewed scrutiny on cybersecurity in health care as attacks become increasingly common, often affecting protected health information along with other data, such as account numbers, Social Security numbers, phone numbers and addresses. UnitedHealth Group CEO Andrew Witty was called to testify before Congress last week after a ransomware attack in February threatened patient care and endangered sensitive data. Witty told Congress he estimated the breach affected roughly one-third of Americans.
With computers offline, ‘It’s like the 1980s or 1990s’
Health care workers at Ascension Wisconsin sites reported not having access to Epic, the system used for storing patients’ medical information and managing their care. The interruption means doctors and nurses can’t see medical histories or other patient information, communicate like they used to across hospital departments, and have little ability to see patients’ prior labs or test results. Healthcare workers said they are having to use paper records to track patient conditions, order procedures and write prescriptions.
“This is a crisis situation,” said Tracey Schwerdtfeger, a registered nurse at Ascension St. Francis Hospital on Milwaukee’s south side. “It’s really just seemed to paralyze a lot of the stuff we need to do.”
Employees in Michigan noticed the computer network problems about 7 a.m. Wednesday, said three workers who spoke on the condition of anonymity out of fear of job repercussions.
“There was a security concern, so they shut down the system,” one physician told the Free Press, part of the USA TODAY Network. “It’s affecting everything.”
Another Ascension Michigan doctor said: “We have no access to medical records, no access to labs, no access to radiology or X-rays, no ability to place orders. We have to write everything on paper. It’s like the 1980s or 1990s. You go to the X-ray room to look at the X-rays on film, you call the lab they tell you what the results are over the phone. So it’s just much more cumbersome, but we do have training for these moments.”
A nurse told the Free Press Wednesday evening that Ascension hospitals were still accepting patients by ambulance who were medically unstable and in need of lifesaving treatment, but those who were more stable and could be taken to other nearby hospitals for care were diverted because of the computer network outage.
“I just hope it doesn’t last very long because certainly patient care will be negatively impacted,” a physician said. “The data that shows that during computer network downtime, your risk of an adverse event goes up.”
Ascension said it is working with cybersecurity consulting company Mandiant to investigate and help determine what information, if any, was compromised in the attack.
“Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” Ascension said in a statement.
Breaches threaten millions of Americans
More than 144 million Americans’ medical information was stolen or exposed last year in a record-breaking number of health care data breaches, a USA TODAY analysis of Health and Human Services data found.
Since 2019, data breaches targeting third-party vendors contracted by hospitals have more than tripled, growing at a significantly faster rate compared to attacks aimed directly at traditional health care providers, the analysis showed.
Earlier this year, a ransomware group targeted Change Healthcare, the nation’s largest health care payment system owned by UnitedHealth Group. The company handles a third of all patient records and processes 15 billion health care transactions a year, according to the HHS.
American Hospital Association President Rick Pollack said the attack on Change Healthcare was the “most significant and consequential incident of its kind against the U.S. health care system in history.” The breach disrupted hospitals for nearly two weeks, Pollack said, making it harder to fill prescriptions, submit insurance claims and receive payment.
Contributing: Cecilia Garzella, USA TODAY; Sarah Volpenhein, Milwaukee Journal Sentinel
