Ascension, one of the largest nonprofit healthcare systems in the United States, is currently dealing with disruptions in its clinical operations following a cyberattack that forced the organization to shut down some of its systems.
After detecting unusual activity on certain technology network systems, Ascension took immediate action by launching an investigation and implementing remediation efforts. As a result, access to specific systems has been temporarily interrupted as part of the ongoing investigation process.
In response to the cyber incident, Ascension has advised its business partners to disconnect from its systems as a precautionary measure. The organization has assured partners that they will be informed when it is safe to reconnect. Authorities have been notified about the cyberattack, and Ascension has enlisted the help of Mandiant incident response experts to assist in the investigation and remediation efforts.
With operations in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. The organization boasts a significant workforce comprising 8,500 providers, 35,000 affiliated providers, and 134,000 associates, generating a total revenue of $28.3 billion in 2023.
As disruptions persist at Ascension healthcare facilities, patients have reported chaos and delays in receiving care. One patient, Zackery Lopez, described a hectic scene at Ascension Providence Southfield hospital, where he had to wait for almost seven hours to receive pain medication for his cancer recurrence. Nurses and doctors were seen using manual charts due to the system shutdown, causing delays and confusion in patient care.
Similar challenges were reported at other Ascension facilities, such as Ascension Via Christi St. Joseph in Wichita, Kansas, where operating rooms were shut down, and essential systems for patient care, including medication scanning and electronic charts, were unavailable. Healthcare providers had to resort to paper-based processes, causing additional strain on the already overwhelmed staff.
Natalie Sirianni, an MD associated with Ascension, echoed the sentiments of chaos and unpreparedness during the cyber incident. She highlighted the critical need for better preparation and contingency plans in the face of such disruptions to ensure patient safety and care continuity.
Concerns also arose regarding the security of personal information and the potential risk of data breaches. Patients like Lopez expressed apprehensions about the protection of their sensitive data and sought reassurance from authorities, who seemed unable to provide definitive answers amidst the ongoing crisis.
This incident at Ascension adds to the growing trend of healthcare breaches and ransomware attacks across the United States. Recent incidents like the Change Healthcare breach have caused significant disruptions and financial repercussions for healthcare organizations. The rise in cyber threats targeting the healthcare sector underscores the urgent need for robust cybersecurity measures and proactive defenses to safeguard patient data and ensure uninterrupted care delivery.
In response to these evolving threats, government agencies like the U.S. Department of Health and Human Services are issuing warnings and guidance to healthcare providers on mitigating cybersecurity risks. The healthcare industry must prioritize cybersecurity investments and training to effectively combat the escalating threat landscape and protect patient information.
As Ascension continues to grapple with the aftermath of the cyberattack, the healthcare organization faces a challenging road ahead in restoring normal operations and rebuilding trust with patients and partners. The incident serves as a stark reminder of the persistent cybersecurity risks faced by healthcare providers and the critical importance of vigilance and preparedness in safeguarding sensitive medical information.