Due to the ongoing impact of a recent ascension cyberattack, staff at Ascension hospitals are having to rely on manual workarounds.
The national health system – which operates over 140 facilities across 20 locations – detected unusual network activity on May 8th.
While investigations continue, representatives confirmed the incident affected Ascension’s electronic health records and ordering systems. As a result, hospital employees have no choice but to hand-write patient notes and physically deliver orders for tests, procedures, and medications between departments.
The technical issues persist as teams work to resolve the situation and restore normal digital operations following the ascension cyber attack. Ascension is one of the largest non-profit health systems in the United States, serving communities across multiple states.
Certain phone functions have also been “offline,” preventing patients from accessing portals to “view medical records and get in touch with their doctors,” a spokesperson said.
Faced with these interruptions, hospital employees had no choice but to shift to “manual and paper based” work processes. As an Ascension spokesperson stated in a May 8th statement, “Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.”
Kris Fuentes, who works in the neonatal intensive care unit at Ascension Seton Medical Center in Austin, recalled a time when “paper charting was the norm.” However, she noted that after relying on digital systems for so many years, her hospital was not truly “ready to make such an abrupt shift” back to manual methods.
“It’s kind of like we went back 20 years, but not even with the tools we had then,” Fuentes said. “Our workflow has just been really unorganized, chaotic and at times, scary.”
Disruption Caused by Ascension Cyberattack Has Introduced Errors
Fuentes explained that orders for medication, labs and imaging are being handwritten and then distributed by hand to various departments, whereas typically such requests are quickly accessed via computer. Due to a lack of usual safety checks with these backup methods, errors have been introduced, she stated, adding that every task is taking longer to complete.
As Fuentes further described, “Medications are taking longer to get to patients, lab results are taking longer to get back. Doctors need the lab results, often, to decide the next treatment plan, but if there’s a delay in access to the labs, there’s a delay in access to the care that they order.”
As of Tuesday, Ascension still had not provided a timeline for resolution for the ascension breach and reported continuing to work with “industry-leading cybersecurity experts” to investigate the ransomware attack and restore compromised systems. The FBI and Cybersecurity and Infrastructure Security Agency (CISA)were also assisting with the investigation.
While Ascension facilities stayed open, a representative noted on May 9th that in some cases, “emergency patients were being triaged to different hospitals, and some non-emergent appointments and procedures were postponed.” Certain Ascension pharmacies were not operational, so patients were asked to bring in prescription bottles or numbers.
Those enrolled in Ascension health insurance plans were directed to mail in monthly payments during the outage of electronic payment processing.
The May 2022 Ascension health cyber attack came after a major ransomware attack in February on Change Healthcare, a company owned by UnitedHealth. The attack left millions of Americans’ health data exposed and led to delays in processing health care claims and filling prescriptions, as reported by the Associated Press.
In questionings by the Senate Finance Committee in May, UnitedHealth’s CEO acknowledged the company did not have adequate cybersecurity measures in place to prevent such an attack, such as multi-factor authentication.
The repercussions of the Change Healthcare attack lingered into the spring. A survey by the American Hospital Association found that 94% of hospitals reported financial impacts. Additionally, the American Medical Association reported that 80% of surveyed members were experiencing financial struggles. Many medical practitioners were still struggling to submit and receive payment for claims as late as April.
In response, the U.S. Department of Health and Human Services announced on June 6th it would invest over $50 million towards a cybersecurity initiative aimed at creating tools to help hospitals better defend against these types of threats.
Regarding the May 8th Ascension security breach, representatives have not yet confirmed whether patient data was compromised. However, Ascension stated they will contact affected individuals if they determine any sensitive data was accessed.