From Crisis to Continuity: Ascension Ransomware's Ongoing Toll on Healthcare

 

In response to a recent ransomware attack that affected the care of eight Detroit-area hospitals, Ascension Michigan is providing more information about how a recent ransomware attack is affecting patient care. In May, St. Louis-based Ascension reported a major attack on its nationwide healthcare services, which resulted in some hiccups in the care nationwide. 

Ascension has been working hard to resolve those issues. There are hospitals in Novi, Rochester Hills, Southfield, Madison Heights, Warren, Detroit, East China Township and Grand Blanc that are all located in Southeast Michigan. It is still a fact that some of the patient documentation and records are still being handled manually and on paper since the attack occurred, which is still in effect in some cases.

A statement from Ascension Michigan late Monday, May 13, said that all 15 Michigan hospitals, physician offices, and care centres remain open, but things are not as normal as they seem. Even though Ascension hospitals and facilities are open and continuing to care for patients, the system says that some of their patient services are being affected. Some procedures, appointments, and tests have been postponed because of the cyberattack. 

To cope with the cyberattack, some Ascension hospitals are diverting patients to other hospitals. According to the system, appropriate steps are being taken to handle emergencies appropriately. In a statement issued by Ascension, the company said, “Safety remains our top priority as we navigate this cybersecurity incident.” Ascension operates 140 hospitals and 40 senior centres in 19 states and Washington, D.C. Based in St. Louis, the company runs 140 hospitals and 40 senior centers. 

A statement has been issued by Ascension that the patient portal MyChart and electronic health records have gone offline. Paper records are used in the system and orders for medication, diagnostic tests, and other records are completed manually by the doctor. According to the St. Louis-based parent company, which announced a ransomware attack about a week ago, the system is making some progress after working around the clock over the weekend. 

Besides the Saint Thomas hospital system that it runs throughout the state, the company also operates several other healthcare facilities, including physical therapy offices, sleep centres, and heart hospitals as well. Throughout the event on May 8, Ascension was providing updates on the situation. The following day, the company issued a statement stating it was working with several law enforcement agencies to investigate a suspected ransomware attack that was detected on the company's servers. 

The company also confirmed the next day that the unusual activity had been caused by ransomware. Several organizations, including the American Hospital Association, have pointed to Black Basta, a well-known Russian-speaking ransomware gang, as being responsible for the attack. The company has not yet commented on who is behind the attack. The U.S. government requires health companies to report breaches that affect more than 500 people within 60 days. 

The Department of Health and Human Services is responsible for health care delivery. Ascension has not yet been listed in the agency's complaint portal which indicates that it is investigating this attack. Although there have been 23 other cases of these sorts in Tennessee over the past few years, the report does mention 23 others. Among black market data, health data is worth more than credit card numbers and social security numbers on the black market. 

Over the past five years, there has been at least a double-digit increase in cyberattacks targeting U.S. healthcare companies. Throughout each of Ascension Michigan's emergency departments, walk-in patients are welcome to receive care, according to the statement. The "diversion process" in some cases has been implemented in Ascension facilities, in which ambulances bypass these facilities and go to another location instead of going to an Ascension facility. 

Several factors may affect the decision to divert patients, as well as several factors in your community, such as the severity and frequency of the case, the service lines available, and the availability of the facility. Ascension said it had communicated with emergency medical service providers regarding the facility's availability. 

According to a press statement issued by Ascension, patients suffering from medical emergencies are advised to call 911 and first responders will send them to the appropriate hospital based on their needs. According to the statement released by Ascension, the project will affect different Michigan hospitals in different ways. Ascension Ransomware Incident Continues to Impact Patient Services In the aftermath of the recent Ascension ransomware attack, patients scheduled for elective surgeries are advised to adhere to their original appointments unless otherwise notified by Ascension staff. However, due to the transition to manual systems for patient documentation, patients may experience prolonged wait times and potential delays during their visits. 

To expedite the process, patients are encouraged to bring detailed notes on their symptoms and a comprehensive list of current medications, including prescription numbers or bottles. Diagnostic tests, crucial for patient care, have faced temporary delays in some facilities as resources are redirected to prioritize inpatient and emergency services. Patients requiring rescheduled diagnostic imaging and testing will be promptly contacted by Ascension. 

Despite the operational challenges posed by the attack, Ascension Michigan's doctor’s offices and care sites remain open during regular business hours, with scheduled appointments proceeding as planned in most cases. Patients will be notified promptly if rescheduling becomes necessary. Similarly, patients are advised to carry comprehensive documentation of their symptoms and medications to facilitate smooth consultations. Pharmacy services within the Ascension network continue to operate, albeit with certain limitations. 

While prescriptions can still be filled, patients are requested to provide their prescription bottles from prior fills. Furthermore, Ascension pharmacies are unable to process credit card payments at this time. Ascension has not provided a definitive timeline for the restoration of normal system operations. Additionally, the organization is conducting an ongoing investigation, in collaboration with the FBI, to ascertain the extent of any potential compromise to patients' personal information. 

Affected patients will be duly notified if their data has been impacted. Of notable significance, the ransomware incident occurred amidst an ongoing joint venture between Ascension and Henry Ford Health, aimed at integrating eight southeast Michigan Ascension hospitals and an addiction treatment facility in Brighton into the Henry Ford Health System. This venture, announced in the previous fall, is anticipated to be finalized and branded Henry Ford Health in the summer of 2024.

It is important to clarify that this venture does not constitute a merger or acquisition, as stated by both healthcare entities. In conclusion, while Ascension works diligently to restore normalcy to its operations, patients are encouraged to remain vigilant and patient amidst any potential disruptions to their healthcare services.