Hospitals & Facilities

Delayed care, closed pharmacies, hospitals on diversion: Two weeks into the ransomware attack on Ascension

The nonprofit hasn’t released a timeline on restoring systems.
article cover

Josh Brasted/Getty Images

· less than 3 min read

Navigate the healthcare industry

Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.

Two weeks into the ransomware attack on national hospital operator Ascension, access to many electronic patient records, communication systems, and online ordering and prescribing systems remains blocked, according to a May 21 statement—and the effects are reportedly snarling patient care.

In Detroit, where the hospitals have relied on fax machines to send orders, even critically ill patients have seen hours-long delays in their test results, the Detroit Free Press reported.

One nurse anonymously told the news outlet she wasn’t even sure the blood test results she received belonged to her patient because of the current manual recordkeeping system, adding, “We are waiting four hours for head CT (scan) results on somebody having a stroke or a brain bleed.”

Ascension, a St. Louis-based Catholic nonprofit with 140 hospitals and thousands of affiliates around the country, said in a May 15 statement that it was working with outside cybersecurity firm Mandiant for help, as well as enlisting “cybersecurity experts from Palo Alto Networks Unit 42 and from CYPFER to help supplement” their efforts to restore systems.

Several of its hospitals are still on diversion, which means they won’t accept new ambulance arrivals, “in order to ensure emergency cases are triaged immediately,” according to its statement.

Pharmacy operations have also been paused; several Ascension retail pharmacies in Florida, Wisconsin, Alabama, Illinois, Indiana, Kansas, Michigan, Oklahoma, and Texas are unable to fill prescriptions as of May 21.

Meanwhile, two class action lawsuits have been filed in the district courts of Illinois and Texas, alleging Ascension failed to properly encrypt patient data and left records vulnerable to attack.

“Ascension continues to work with industry-leading cybersecurity experts to investigate the recent ransomware attack and to rebuild and restore our systems securely,” the nonprofit’s May 21 statement said. “While this process continues in earnest, our hospitals and facilities remain open and are providing care.”

But as of May 22, the hospital operator had not released any kind of timeline for restoration.

Navigate the healthcare industry

Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.