Ascension Health System Reeling from Massive Cyberattack
The nationwide health care system Ascension is grappling with the aftermath of a severe ransomware attack that began on May 8, 2024. The cyberattack has disrupted hospital operations across Ascension’s 140 facilities in 19 states and the District of Columbia, severely affecting patient care and operational efficiency.
Impact on Healthcare Operations
The cyberattack led to the shutdown of critical electronic systems, including electronic health records (EHR), phone systems, and platforms used to order tests, procedures, and medications. Consequently, hospital staff have reverted to manual processes, such as handwritten notes and paper orders, causing significant delays and errors.
Kris Fuentes, a nurse in the neonatal intensive care unit at Ascension Seton Medical Center in Austin, described the situation as chaotic and reminiscent of healthcare operations from two decades ago. “It’s kind of like we went back 20 years, but not even with the tools we had then,” Fuentes remarked, highlighting the confusion and inefficiency brought about by the sudden shift away from digital systems.
In Wichita, Kansas, Marvin Ruckle, a NICU nurse at Ascension Via Christi St. Joseph, recounted a near-miss incident where he almost administered the wrong dose of a narcotic to a baby due to confusing paperwork. Such incidents underscore the increased risk of medical errors in the absence of automated safety checks.
Broader Consequences
The disruption has been particularly acute in emergency departments. At Ascension St. John in Detroit, doctors have had to divert major heart attack patients to other hospitals and have faced significant delays in obtaining test results. One ER doctor described the experience as operating in “a disaster area” with food carts and handwritten notes replacing standard digital communication systems.
The cyberattack has also forced the cancellation of elective surgeries and routine appointments, with some facilities, like Ascension Borgess in Kalamazoo, reporting that they are handling significantly fewer cases than normal. A nurse there noted the enormous safety concerns posed by having physicians write out orders by hand, a practice unfamiliar to many staff members.
Response and Recovery Efforts
Ascension has engaged cybersecurity firm Mandiant to assist in investigating and remediating the attack. The health system is offering credit monitoring and identity theft protection services to potentially affected individuals. However, as of the latest updates, there is no clear timeline for when normal operations will resume. Ascension’s management has been criticized for insufficient communication with staff, leaving many feeling “kept in the dark” about the situation.
John Clark, an associate chief pharmacy officer at the University of Michigan health system, emphasized that most healthcare systems are not prepared for prolonged disruptions of this magnitude, noting that emergency plans typically cover downtimes of only a few days.
Future Implications
This incident underscores the growing vulnerability of healthcare systems to cyberattacks and the critical need for robust cybersecurity measures. As healthcare increasingly relies on digital systems, ensuring these systems’ security and resilience is paramount to maintaining patient safety and operational integrity.
