fbpx

A cyberattack this week on health system giant Ascension forced hospitals across the nation to divert ambulances, blocked access to online patient records, and caused patients to postpone medical tests. It also put millions of patient records and private data at risk.

Non-profit, St. Louis-based Ascension, one of the largest private healthcare systems in the U.S., operates 140 hospitals and 40 senior living facilities in 19 states. An Ascension spokesperson said it first became aware of a problem Wednesday on its computer network systems.

“On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event,” Ascension said in a statement Thursday. “At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues.”

“We are working around the clock with internal and external advisors to investigate, contain, and restore our systems. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” according to latest statements.

Health care workers in several states including Wisconsin, Michigan and Florida reported disruptions to patient care on Thursday. Both the electronic records system and systems that gives patients access to their records were offline. Clinical operations continued to be impacted, which led to hospitals severing connections to online systems.

These interruptions meant medical staff couldn’t see medical histories, access patient information, communicate with other hospital departments, or view patient labs or test results. Healthcare workers said they were having to revert to using paper systems to record conditions, order procedures, and write prescriptions.

Attacks against the healthcare sector are increasing.

The Ascension breach comes as attacks on healthcare providers become increasingly common, often affecting protected health information along with other sensitive data, such as Social Security numbers, phone numbers, and home addresses.

A USA TODAY study reports that more than 144 million Americans’ medical information was stolen or exposed last year in a record-breaking number of health care data breaches. Since 2019, data breaches targeting third-party vendors contracted by hospitals have more than tripled, the analysis showed.

In February this year, a ransomware group targeted Change Healthcare. The attack caused billing disruptions at pharmacies across the country. An estimate one-third of Americans may have had their personal data compromised in the hack, according to Change owner, UnitedHealth Group CEO Andrew Witty. Witty revealed in testimony to Congress that UnitedHealth paid a $22 million ransom to the cybercriminals to try to protect patient data.

A ransomware attack in November on  Ardent Health Services system, which operates 30 hospitals in six states, caused the provider to divert patients from some of its emergency rooms to other hospitals and postpone some elective procedures.

On Friday, the Health Information Sharing and Analysis Center published an advisory warning that hackers using ransomware have “recently accelerated attacks against the healthcare sector.”