Consequences of cyber attacks: problems with Ascension and DocGo fail

In the wake of cyberattacks, large healthcare organizations must grapple with cleaning up systems and data breaches, potentially harming patient care due to service disruptions. cost and gathering regulatory oversight of security vulnerabilities.

This week we learned that the May 8 attack on Ascension left a former hospital with system outages for operations that had yet to be migrated to its new owner, The Guthrie Clinic, and that an attack on DocGo exposed U.S. patient data.

Despite the breach, DocGo expects record profits this year, while CommonSpirit reported improved financial results a year and a half after the massive patient data breach, crediting telehealth and other measures for increased efficiency.

Ascension attack ensnares Guthrie Hospital

On the day of the ransomware attack on Ascension, Guthrie Lourdes Hospital in Binghamton, New York, became aware that certain systems still connected to its former parent organization were not functioning, the hospital spokesperson said. information about malfunctions.

“Although Lourdes became part of The Guthrie Clinic in Februarythe hospital and associated clinics will maintain a number of temporary connections to the Ascension network, while a permanent and organized migration to Guthrie systems may be phased in,” the New York hospital explains on its website.

“This cyber event occurred before a full transition could be completed.”

Guthrie said his IT team had severed Lourdes’ connections to the affected systems Ascension ransomware attack did not affect other Guthrie facilities.

“The Lourdes Hospital Emergency Department is open and will never turn away patients seeking care.”

However, prescriptions at Lourde cannot be filled, the health care system said on May 13.

Guthrie advised affected patients to contact the providers for a paper prescription that can be filled at other pharmacies, including Guthrie’s nearby hospitals in Corning and Sayre, Pennsylvania.

Ascension patients in multiple states are finding care strained as systems are slowly restored.

DocGo reports data breach

DocGo, a provider of outpatient and remote patient monitoring in the US and UK, filed a notice with the US Securities and Exchange Commission on May 7 over US patient data breached in a recent cyberattack.

“As part of its investigation, the Company determined that the threat actors accessed data, including certain protected health information, from a limited number of medical records within the Company’s U.S.-based ambulance transport operations, and that no other lines of business did so .” been involved,” DocGo said in the SEC filing.

DocGo said its business operations were not affected, but provided few details about the attack. IT news in healthcare’ sister publication, MobiHealthNewscontacted on May 9, but the company declined to comment on the breach.

It was released a day after the company reported the breach to the SEC significant first quarter gainsciting an increase in total revenue to $192.1 million, compared to $113 million in the same period last year.

DocGo expects to generate between $280 and $300 million by 2024.

“This impressive growth is indicative of our ability to execute and deliver transformative performance over the long term,” CEO Lee Bienstock said in a statement.

Improve CommonSpirit’s financial results

Despite suffering a debilitating cyber attack in October 2022, CommonSpirit showed year-over-year financial performance improvements compared to 2023, according to a rack Wednesday from the for-profit healthcare organization.

CommonSpirit reported operating revenues of $9.25 billion and operating expenses of $9.62 billion for the quarter ended March 31, compared to revenues of $8.45 billion and expenses of $8.92 billion for the same period last year.

“We are pleased with the continued improvement in our financial performance,” said Dan Morissette, Chief Financial Officer of CommonSpirit, in a statement.

Higher volumes drove the financial improvements – admissions increased 4.5%, outpatient visits increased 2% and emergency room visits were 3.9% higher than last year – along with
“efficiency gains and reduction of length of stay,” the company said.

The resulting breach affected the protected data of several hospitals that are part of Virginia Mason Franciscan Health, owned by Chicago-based CommonSpirit.

CommonSpirit said in 2022 that integrating telebehavioral care through Teledoc Health into its electronic health records as consultation liaison services was one way to reduce length of stay.

“When analyzing these metrics, we concluded that the benefits of telebehavioral healthcare met our key objectives: a decrease in length of stay, a decrease in costs, and an increase in satisfaction and expectations of care,” says John Mackenzie, clinical program manager at CommonSpirit Telehealth Network. , told Healthcare IT news.

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.