Ascension reverts to pen-and-paper operations after ransomware attack

A ransomware attack on Ascension Health Network from last week is still disrupting care delivery in at least 12 states and in Washington, D.C., as the organization said it’s operating largely on “manual and paper based systems during the ongoing disruption to normal systems.”

In a statement updated on May 13, Ascension provided details on its current status as it works to investigate the source and extent of the data breach of its systems. Zooming in by region, Ascension is only fully up and running in Arkansas and Missouri. In all other states, paper-based operations are causing service disruptions and potentially significant delays. 

While most hospitals, physicians offices and clinics are open during normal business hours, the health system warns that patients may run into snags, particularly in diagnostic imaging, where many scans are being rescheduled.

Due to manual operations, patients seeking treatment at Ascension’s urgent care clinics are warned to expect “longer than usual wait times and some delays.” 

Ascension advises patients seeking any care—emergency, elective or primary—to bring with them a list of current medications and as many details on their medical history as possible, as clinicians are unable to access electronic health records. 

Additionally, its retail pharmacy operations in most of the country are not operational. Ascension pharmacies are unable to fill new prescriptions or process payments during the shutdown, and patients are being given paper scripts to get drugs at other locations.

Attack details still unclear

On May 9, Ascension released a statement about a ‘cybersecurity event’ that caused a disruption to care operations. That event was later revealed to be a ransomware attack that caused ambulances to be diverted to other hospitals. 

Information on what cybercrime organization is responsible, how the perpetrators gained access and what they demanded have not been revealed to the public. However, a spokesperson for Ascension said cybersecurity firm Mandiant was hired to aid with the breach. It is not known if Ascension paid any ransom.

Ascension runs 140 hospitals and 40 long-term care centers in 19 states. The health system attends to 3.1 million emergency and 349,000 urgent care visits annually. More than 16.4 million patients visit its physician offices and clinics.

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

The scheme took place over a period of at least seven years, resulting in Medicare being billed for more than $70 million in fraudulent claims for unnecessary scans. 

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals.