In a troubling development that highlights the growing vulnerability of healthcare systems to digital threats, Ascension, one of the largest non-profit health systems in the United States, has fallen victim to a major cyberattack. The incident, which came to light on May 23, 2024, has caused significant disruptions to patient care across numerous hospitals and healthcare facilities operated by Ascension.
The cyberattack, believed to be a sophisticated ransomware operation, has compromised Ascension’s electronic health record systems, communication networks, and various critical IT infrastructure components. As a result, hospitals within the Ascension network are grappling with a range of challenges that are directly impacting patient care and daily operations.
Dr. Joseph Kerschner, Chief Medical Officer at Ascension, addressed the situation in a press conference, stating, “We are facing an unprecedented crisis that is affecting our ability to deliver care at the level our patients expect and deserve. Our teams are working around the clock to restore our systems while ensuring that we continue to provide essential medical services.”
The attack has led to the postponement of non-emergency surgeries and procedures across multiple Ascension facilities. Patients like Sarah Thompson, who was scheduled for a knee replacement surgery at Ascension Columbia St. Mary’s Hospital in Milwaukee, have found their treatments delayed indefinitely. “It’s frustrating and scary,” Thompson said. “I’ve been waiting for months for this surgery, and now I don’t know when it will happen.”
Emergency departments within the Ascension network are experiencing significant strain as they attempt to operate without access to electronic patient records. Dr. Michael Osterholm, an infectious disease expert at the University of Minnesota, expressed concern about the potential consequences. “In emergency situations, quick access to a patient’s medical history can be life-saving. Operating without this information puts both healthcare providers and patients at risk,” Osterholm explained.
The cyberattack has also disrupted medication management systems, forcing hospital staff to revert to manual processes for prescribing and administering drugs. This has raised concerns about potential medication errors and delays in treatment. Nurse practitioner Lisa Chen from Ascension Seton Medical Center in Austin, Texas, described the challenges: “We’re having to double and triple-check everything manually. It’s time-consuming and stressful, but patient safety is our top priority.”
As Ascension works to resolve the crisis, cybersecurity experts are warning that this attack could be part of a larger trend targeting healthcare institutions. Tom Kellermann, Head of Cybersecurity Strategy at VMware, commented on the situation: “Healthcare systems are increasingly becoming prime targets for cybercriminals due to the critical nature of their services and the sensitive data they hold. This attack on Ascension should serve as a wake-up call for the entire industry.”
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have been called in to assist with the investigation and recovery efforts. In a joint statement, the agencies said, “We are working closely with Ascension to identify the perpetrators and mitigate the impact of this attack. We urge all healthcare organizations to review and strengthen their cybersecurity measures immediately.”
Ascension has not disclosed whether a ransom demand has been made or if any patient data has been compromised. However, the health system has advised patients and staff to be vigilant about potential phishing attempts and to report any suspicious activities.
The incident has reignited debates about the need for stronger cybersecurity regulations in the healthcare sector. Senator Mark Warner, chair of the Senate Intelligence Committee, called for immediate action: “This attack on Ascension demonstrates the urgent need for comprehensive legislation to protect our critical healthcare infrastructure from cyber threats. We cannot afford to wait for the next crisis to act.”
As Ascension continues its efforts to restore its systems, patients are being advised to contact their healthcare providers directly for any urgent medical needs. The health system has set up a hotline for patients to check on the status of their appointments and to receive updates on the situation.
The cyberattack on Ascension serves as a stark reminder of the vulnerabilities in our increasingly digitized healthcare system. As hospitals and health systems continue to rely more heavily on technology, the need for robust cybersecurity measures becomes ever more critical. The coming days and weeks will be crucial as Ascension works to recover from this attack and as the healthcare industry at large grapples with the implications of this latest cybersecurity breach.
