Ascension reverts to pen-and-paper operations after ransomware attack

A ransomware attack on Ascension Health Network from last week is still disrupting care delivery in at least 12 states and in Washington, D.C., as the organization said it’s operating largely on “manual and paper based systems during the ongoing disruption to normal systems.”

In a statement updated on May 13, Ascension provided details on its current status as it works to investigate the source and extent of the data breach of its systems. Zooming in by region, Ascension is only fully up and running in Arkansas and Missouri. In all other states, paper-based operations are causing service disruptions and potentially significant delays. 

While most hospitals, physicians offices and clinics are open during normal business hours, the health system warns that patients may run into snags, particularly in diagnostic imaging, where many scans are being rescheduled.

Due to manual operations, patients seeking treatment at Ascension’s urgent care clinics are warned to expect “longer than usual wait times and some delays.” 

Ascension advises patients seeking any care—emergency, elective or primary—to bring with them a list of current medications and as many details on their medical history as possible, as clinicians are unable to access electronic health records. 

Additionally, its retail pharmacy operations in most of the country are not operational. Ascension pharmacies are unable to fill new prescriptions or process payments during the shutdown, and patients are being given paper scripts to get drugs at other locations.

Attack details still unclear

On May 9, Ascension released a statement about a ‘cybersecurity event’ that caused a disruption to care operations. That event was later revealed to be a ransomware attack that caused ambulances to be diverted to other hospitals. 

Information on what cybercrime organization is responsible, how the perpetrators gained access and what they demanded have not been revealed to the public. However, a spokesperson for Ascension said cybersecurity firm Mandiant was hired to aid with the breach. It is not known if Ascension paid any ransom.

Ascension runs 140 hospitals and 40 long-term care centers in 19 states. The health system attends to 3.1 million emergency and 349,000 urgent care visits annually. More than 16.4 million patients visit its physician offices and clinics.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

HHS has thought through the ways AI can and should become an integral part of healthcare, human services and public health. Last Friday—possibly just days ahead of seating a new secretary—the agency released a detailed plan for getting there from here.

Philips is recalling the software associated with its Mobile Cardiac Outpatient Telemetry devices after certain high-risk ECG events were never routed to trained cardiology technicians as intended. The issue, which lasted for two years, has been linked to more than 100 injuries. 

Heart Rhythm Society President Kenneth A. Ellenbogen, MD, detailed a new advocacy group focused on improving EP reimbursements, patient care and access. “If you’re not at the table, you’re on the menu," he said.