Massive Cyberattack Causes Disruption at Ascension Healthcare, Impacting Medical Procedures and Medications

A major cyberattack on Ascension, one of the largest healthcare systems in the US with over 140 hospitals and 25,000 beds spread across 19 states and Washington D.C., has caused significant disruptions to operations. Patients have reported missing scheduled medical procedures, including CT scans and mammograms, while some hospitals have been forced to divert ambulances due to the outage of electronic records systems and the MyChart service that enables patients to view their records online and communicate with their doctors electronically. The attack has also impacted access to medications, leaving patients unable to refill prescriptions. The Ascension spokesperson stated that the attack constituted a “cybersecurity incident” and that restoration efforts would continue for an undetermined length of time. At two hospitals in Wichita, Kansas, staff members were compelled to resort to pen and paper in place of digital communication methods due to the breakdown of paging systems. This incident follows a similar attack on Change Healthcare, which significantly disrupted the processing of insurance claims across the US in February. The perpetrators behind the Ascension cyberattack remain unknown, and it is uncertain if it is linked to the previous attack on Change Healthcare. Cybersecurity experts have noted a surge in ransomware assaults, particularly against healthcare facilities, in recent times. These attacks frequently involve the theft of sensitive data prior to the activation of data-encrypting malware that immobilizes networks, with the threat of releasing the stolen data being employed to extract payment. It is still unclear if Ascension opted to pay a ransom following the cyberattack, and the organization failed to respond to requests for comment. In February, Change Healthcare, a firm owned by UnitedHealth Group Inc. And providing technology for insurance claim submission and processing, experienced a cyberattack that resulted in a significant delay in insurance reimbursements for doctor’s offices throughout the nation. After hackers gained access to the company’s servers in February, they unleashed a ransomware attack that rendered vast portions of the company’s systems inoperable. The company’s CEO, Andrew Witty, informed Congress earlier this month that his organization paid a $22 million ransom in Bitcoin. The company’s critical systems have since been restored, but officials have warned that it might take several months to analyze the effects of the attack. They added that no indications of the release of patient charts or medical records have been observed following the attack. Witty informed Congress that his firm is repeatedly attacked, with a thwarted attempt occurring roughly once every 70 seconds.