A cyberattack forces a big US health system to divert ambulances and take records offline
TOPEKA, Kan. — A cyberattack on the Ascension health system, which serves 19 U.S. states, forced some of its 140 hospitals to divert ambulances, caused patients to delay medical tests and blocked online access to patient records.
A spokesperson for Ascension said it had detected “unusual activity” on its computer network systems on Wednesday. Officials declined to say whether the Catholic nonprofit health care system, based in St. Louis, was the victim of a ransomware attack or if it had paid a ransom, and did not immediately respond to an email requesting updates.
But the attack had the hallmarks of ransomware, and Ascension said it had enlisted the help of Mandiant, Google’s cybersecurity unit that is a leading response to such attacks. Earlier this year, a cyberattack on Change Healthcare disrupted healthcare systems across the country, and the CEO of its parent company, UnitedHealth Group Inc., acknowledged in testimony before Congress that it had paid a $22 million ransom in bitcoin.
Ascension said both its electronic records system and the MyChart system that gives patients access to their records and allows them to communicate with their doctors were offline.
“We have determined this to be a cybersecurity incident,” Ascension’s national spokesperson said. “Our research and restoration work will take some time, and we do not have a timeline for completion.”
To prevent the automated spread of ransomware, hospital IT officials typically take electronic medical records and appointment scheduling systems offline. UnitedHealth CEO Andrew Witty told congressional committees that Change Healthcare immediately disconnected other systems to prevent the attack from spreading during the incident.
The Ascension spokesperson’s latest statement, issued Thursday, said ambulances had been diverted from “several” hospitals without naming them.
In Wichita, Kansas, local news reports said local emergency medical services began diverting all ambulance calls from hospitals there on Wednesday, although the spokesperson for the health care system there said Friday that the complete ambulance diversion ended Thursday afternoon.
The ambulance service for Pensacola, Florida, also diverted patients from Ascension Hospital there to other hospitals, the spokesperson told the Pensacola News Journal. And WTMJ-TV in Milwaukee reported that Ascension patients in the area said they were missing CT scans and mammograms and unable to refill their prescriptions.
Ascension said the system expected to use “downtime” procedures “for some time” and advised patients to bring notes about their symptoms and a list of prescription numbers or prescription bottles to appointments.
At two Wichita hospitals, staffers were forced to use pen and paper and announce medical emergencies over the PA system because their pagers failed, a spokesperson for the union that monitors workers at those hospitals told The Wichita Eagle.
Cybersecurity experts say ransomware attacks have increased significantly in recent years, especially in healthcare. Ransomware gangs are increasingly stealing data before activating data-encrypting malware that cripples networks. The threat of exposing stolen data is used to extort payments. That data can also be sold online.
“We are working around the clock with internal and external advisors to investigate, contain and recover our systems,” the Ascension spokesperson’s latest statement said.
In the Change Healthcare cyber attack earlier this year, hackers entered a server that lacked multi-factor authentication, a basic form of security. It was not clear Friday whether the same group was responsible for the Ascension attack.
Change Healthcare provides technology used by physician practices and other healthcare providers to file and process billions of insurance claims each year. The attack slowed insurance reimbursements and put pressure on doctors’ offices across the country.
After hackers gained access in February, they unleashed a ransomware attack that encrypted and froze large parts of the company’s system.
Witty said the company’s core systems were now fully functional. But company officials have said it could take several months of analysis to identify and notify those affected by the attack.
They have also said they see no sign that medical charts or full medical histories have been released after the attack. Witty said the company, which acquired UnitedHealth in 2022, had been using data centers for some of its storage but would move to more secure cloud storage.
Witty told senators that UnitedHealth is “consistently” under attack. He said his company fends off a burglary attempt every 70 seconds.
A ransomware attack in November prompted the Ardent Health Services system, which operates 30 hospitals in six states, to divert patients from some of its emergency rooms to other hospitals while delaying certain elective procedures. User access to information technology applications, such as software used to document patient care, was also suspended.
___
Murphy reported from Indianapolis.