Ascension reverts to pen-and-paper operations after ransomware attack
A ransomware attack on Ascension Health Network from last week is still disrupting care delivery in at least 12 states and in Washington, D.C., as the organization said it’s operating largely on “manual and paper based systems during the ongoing disruption to normal systems.”
In a statement updated on May 13, Ascension provided details on its current status as it works to investigate the source and extent of the data breach of its systems. Zooming in by region, Ascension is only fully up and running in Arkansas and Missouri. In all other states, paper-based operations are causing service disruptions and potentially significant delays.
While most hospitals, physicians offices and clinics are open during normal business hours, the health system warns that patients may run into snags, particularly in diagnostic imaging, where many scans are being rescheduled.
Due to manual operations, patients seeking treatment at Ascension’s urgent care clinics are warned to expect “longer than usual wait times and some delays.”
Ascension advises patients seeking any care—emergency, elective or primary—to bring with them a list of current medications and as many details on their medical history as possible, as clinicians are unable to access electronic health records.
Additionally, its retail pharmacy operations in most of the country are not operational. Ascension pharmacies are unable to fill new prescriptions or process payments during the shutdown, and patients are being given paper scripts to get drugs at other locations.
Attack details still unclear
On May 9, Ascension released a statement about a ‘cybersecurity event’ that caused a disruption to care operations. That event was later revealed to be a ransomware attack that caused ambulances to be diverted to other hospitals.
Information on what cybercrime organization is responsible, how the perpetrators gained access and what they demanded have not been revealed to the public. However, a spokesperson for Ascension said cybersecurity firm Mandiant was hired to aid with the breach. It is not known if Ascension paid any ransom.
Ascension runs 140 hospitals and 40 long-term care centers in 19 states. The health system attends to 3.1 million emergency and 349,000 urgent care visits annually. More than 16.4 million patients visit its physician offices and clinics.