Hospitals & Facilities

Ascension hospitals remain operational as cyberattack continues, keeps systems down

Some diagnostic imaging, tests, and treatments have been delayed.
article cover

Josh Brasted/Getty Images

· 3 min read

Navigate the healthcare industry

Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.

Fallout from a May 8 ransomware attack on national hospital operator Ascension has continued into this week, with most staff transitioning to manual recordkeeping as some software systems remain down, according to a Tuesday press release.

Ascension, a St. Louis-based Catholic nonprofit with 140 hospitals and thousands of affiliates around the country, said it made progress to restore some systems over the weekend, according to the press release.

All of the system’s hospitals and physician sites remain open and operational, according to the release, and its website recommends that patients show up for their elective procedures unless otherwise notified. But Ascension said that some of its pharmacies are currently only able to process cash payments, and that some diagnostic imaging, tests, and treatments have been delayed.

“Our hospitals and facilities remain open and are providing care,” Ascension’s announcement reads. “However, due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately.”

Neal Higgins, Partner at Eversheds Sutherland, told Healthcare Brew the attack on Ascension mirrors what happened to CommonSpirit Health in 2022, which cost the healthcare system around $160 million in lost revenue and remediation costs.

Ascension’s immediate strategy seems different from CommonSpirit’s more guarded response, Higgins said, as the operator informed federal authorities and communicated “proactively” about the nature and impact of the attack.

Ascension has notified the FBI, the Cybersecurity and Infrastructure Security Agency, the Department of Health and Human Services, and the American Hospital Association, according to a May 11 press release.

Higgins, a former White House Deputy National Cyber Director for National Cybersecurity, said the trend of ransomware attacks against care providers and hospitals has proven bad actors officially see healthcare as “fair game.”

Providers should now see the importance of investing in basic cyber hygiene: “hard passwords, multi-factor authentication, network segmentation, and patching and updating,” Higgins said.

“There’s a need for constant vigilance, regular maintenance to maintain proper cybersecurity. What makes that particularly challenging in a hospital environment…is that you may have different software applications, different IT systems, which makes it more difficult for you to patch and update all of your software,” Higgins said.

“There may be interdependencies between systems that make it more complicated to stay on top of,” he added. “That can create vulnerability.”

Correction 05/20/24: This piece has been updated to note that Neal Higgins is partner at Eversheds Sutherland.

Navigate the healthcare industry

Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.