Concerns Raised Over Operational Lapses Following Hospital Cyberattack

One of the largest nonprofit health systems in the United States, Ascension, has been dealing with the aftermath of a significant ransomware attack starting from early May. This incident has uncovered serious operational weaknesses and has affected patient care across its facilities nationwide.

On May 8, the cyberattack was discovered, leading Ascension to shut down many electronic systems, including those essential for patient records, medication orders, and test results. This disruption has lasted for weeks, severely impacting medical staff’s ability to deliver efficient care and raising considerable safety concerns.

The real-life impact of healthcare cyberattacks. https://t.co/xlThFVnZAQ

— Matt Sztajnkrycer (@NoobieMatt) June 19, 2024

The attack began when an Ascension employee unknowingly downloaded malware, leading to unauthorized access to the hospital’s network. Initial actions involved shutting down affected systems to prevent further spread, resulting in the suspension of electronic health records (EHR) access and other critical functions across 19 states.

In response to the attack, Ascension has been working diligently to restore its systems. By early June, partial restoration of its EHR systems was announced in several locations like Florida, Alabama, and Austin, Texas. Full system restoration across all facilities is anticipated by mid-June.

Patients at Ascension hospital network given lethal doses of narcotics after disastrous cyberattack https://t.co/bYE01CRAmM pic.twitter.com/GqasH3QPvd

— Daily Mail Online (@MailOnline) June 19, 2024

The extended downtime of electronic systems has significantly impacted patient care, especially in critical units. Nurses at Ascension Via Christi St. Joseph in Wichita have highlighted substantial difficulties in administering medication doses and confirming patient details, crucial for the care of vulnerable patients such as preterm babies.

Lisa Watson, a medical ICU nurse, expressed concerns about potential medication errors due to the absence of automated systems, calling it “a recipe for disaster.” Others in the medical field emphasized that manual processes are not only time-consuming but also prone to errors.

The Ascension cyberattack is part of a concerning trend of ransomware attacks on healthcare institutions. These attacks exploit weaknesses in outdated or poorly secured systems, often demanding significant ransoms for system restoration. The recovery process’s prolonged nature in the case of Ascension has drawn criticism from cybersecurity experts, advocating for stronger backup and recovery protocols in healthcare systems.

In response to these issues, Ascension has offered credit monitoring and identity theft protection services to affected individuals. There is also a push for improved cybersecurity measures to prevent future incidents and safeguard the resilience of healthcare IT infrastructure.