Ascension cyberattack: Some hospitals are still diverting ambulances

Two weeks after Ascension reported a cybersecurity incident, some hospitals are continuing to divert ambulances and patient care is being affected.

Ascension hospitals and clinics continue to deal with the impact of a ransomware attack. Some hospitals are diverting ambulances, and patients are seeing longer waits at clinics.

Ascension said in an update Tuesday that it is making progress in restoring systems and is working with cybersecurity experts to investigate the attack. The health system previously confirmed that it has experienced a ransomware attack.

The system’s hospitals and clinics are all open and the system says it continues to care for patients. Some emergency departments are accepting all patients.

Nonetheless, some Ascension hospitals in Michigan, Indiana, and Tennessee are continuing to divert ambulances from their emergency departments to other facilities, the system says. Ascension says those hospitals are doing so to ensure they get triaged effectively.

Ascension facilities are relying on paper records as some key systems, including their electronic health records, remain offline. Some phone systems and patient portals are also not available, the system says.

Physician offices and urgent care centers are continuing to serve patients, but Ascension is advising patients that they may experience longer waits due to the disruption of key systems. Patients are being advised to show up for any scheduled appointments at clinics and hospitals.

The health system said Tuesday that it has started the first of “a series of regular touchpoints” with partners and vendors to assist them in reconnecting to the Ascension network.

Ascension said it is working with cybersecurity experts “to rebuild and restore our systems securely.”

Employees described a confusing environment due to the outages of electronic health records, along with long waits for test results in Michigan hospitals, the Detroit Free-Press reported Tuesday.

Ascension, based in St. Louis, operates 140 hospitals and 40 senior centers in 19 states and Washington, D.C., along with many clinics and outpatient facilities.

Three months after disclosing a ransomware attack, Change Healthcare, a subsidiary of UnitedHealth Group, continues to deal with the fallout. Cybersecurity analysts and healthcare leaders say the Change Healthcare attack is the most damaging on record in the U.S. health sector. Hospitals and clinics have suffered financial damage, since many providers use Change Healthcare to handle a host of business functions.

When it comes to ransomware attacks, all industries, including healthcare, are seeing “a greater increase in frequency and a greater increase in severity,” says Kevin Pierce, chief product officer of VikingCloud, a cybersecurity company.

Healthcare leaders need to recognize that cybersecurity must be a system-wide priority, and one that goes far beyond the information technology department, Pierce tells Chief Healthcare Executive®.

“It's a problem that is not only an organizational problem for the people in the organization, and those I'm serving. It's a problem that affects everyone,” Pierce says. “The Ascension ransomware attack … it's affecting multiple states, multiple locations. Patients of those locations are in some cases being rerouted to other facilities. So it is a problem that affects everyone.”

Federal officials issued a warning last week about a ransomware group known as Black Basta, an organization that has targeted the health sector and other critical industries. Black Basta offers ransomware-as-a-service and its affiliates have impacted more than 500 organizations worldwide, federal officials say. Ransom notes typically give organizations 10 to 12 days to pay before publishing private information.

Hospital systems, including some large systems, have suffered ransomware attacks. CommonSpirit Health suffered a ransomware attack in 2022 that affected more than 100 of its facilities, the organization said. Ardent Health Services also said it experienced a ransomware attack last year, which delayed some elective procedures and forced hospitals to divert ambulances to other facilities.

• Read more: Understanding the ‘blast radius’ of cyberattacks