Ascension confirms ransomware caused service shutdowns, ambulance diversions

More details are coming in on the “cybersecurity event” at Ascension Healthcare Network last week, with the health system releasing a statement confirming they were victims of a ransomware attack.

The cyberattack on Ascension—which runs 140 hospitals and 40 long-term care centers in 19 states—blocked access to the electronic health record, effectively limiting operations enough to cause ambulances to be diverted to other facilities and many patients to have medical tests and treatments delayed. 

Ascension said emergency services are once again operational; however, a partial outage of its network has forced the “pause of some non-emergent elective procedures, tests and appointments” while the health system works to get services back up and running.

A spokesperson for Ascension said the organization is working to reschedule care for patients and divert medical tests to other hospitals as necessary. For now, Ascension has been forced to shut down patient portals and online scheduling to stop the spread of the ransomware. 

The exact nature of delayed care ranges from unfilled prescriptions, missed mammograms and more, but patients currently hospitalized at an Ascension were reassured there is no need for a transfer, as clinicians are “trained in providing patient care with established downtime protocols and procedures.” However, those seeking emergency care at Ascension hospitals going forward are advised to bring with them a list of current medications and as many personal medical history details as possible. 

Authorities have been notified of the breach, the statement said. As of now, there is no indication that patient data has ended up on the dark web and it is not clear what information, if any, the hackers had taken. The ransomware attack is still being investigated. No cybercrime group has claimed credit for the attack, and it is not yet clear how hackers gained access.

“Investigations of this nature take time to complete. While we are not able to provide an exact timetable, we will continue to provide updates as appropriate,” an Ascension spokesperson said. 

The health system is not sure when patient care disruptions will end, but has hired cybersecurity firm Mandiant to aid in the investigation of the breach and the restoration of systems.

Ascension attends to 3.1 million emergency and 349,000 urgent care visits annually. More than 16.4 million patients rely on its physician offices and clinics.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.