The recent cyber incident at the Ascension healthcare system has caused a major disruption, impacting its electronic health record systems and leading to the redirection of emergency patients to other facilities. The nonprofit, Catholic healthcare system, which operates 140 hospitals and 40 senior care facilities across 19 states, has been forced to take systems such as lab, test, and medication ordering offline following the detection of hackers in its networks.
In response to the cyberattack, Ascension has implemented manual, pen-and-paper processes, and has postponed non-emergent elective procedures, tests, and appointments. Patients are advised to bring detailed notes on their symptoms and current medications to appointments to facilitate the ordering of medications by clinicians. The healthcare system is working tirelessly with internal and external advisors to investigate, contain, and restore its systems, although no specific timeline for completion has been provided.
The incident at Ascension comes in the wake of a similar cyberattack on UnitedHealth Group’s IT solutions unit, Change Healthcare, by the BlackCat/Alphv cybercriminal gang. This attack resulted in disruptions to critical services used by thousands of healthcare providers across the U.S., including claims processing, prescription orders, and patient eligibility.
In response to these escalating cyber threats, the Biden administration is considering issuing a proposed rule that would require hospitals and other healthcare providers that receive Medicare and Medicaid payments to adhere to minimum cybersecurity standards. This move is aimed at enhancing the overall cybersecurity posture of the healthcare sector and safeguarding sensitive patient information from malicious cyber activities.
Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center, has urged all healthcare organizations to review and implement the Department of Health and Human Services’ Cybersecurity Performance Goals, which were introduced as voluntary guidelines earlier this year. These guidelines are designed to help healthcare entities enhance their cybersecurity practices and better protect their systems and data from evolving cyber threats.
As the healthcare industry continues to face increasing cyber risks, it is crucial for organizations to prioritize cybersecurity measures and ensure compliance with industry best practices and regulatory requirements. By taking proactive steps to enhance their security posture and implement robust cybersecurity protocols, healthcare entities can effectively mitigate the risk of cyber incidents and protect the integrity of their operations and patient data.