A cyberattack on a big US health system diverts ambulances and takes records offline

TOPEKA, Kan. (AP) — A cyberattack on the Ascension health system across the U.S. diverted ambulances, caused patients to miss medical visits and blocked online access to their records.

An Ascension spokesperson said it detected “unusual activity” Wednesday on its computer network systems and that both its electronic records system and the MyChart system that gives patients access to their records and allows them to communicate with their doctors were offline. The non-profit Catholic health system, headquartered in St. Louis, has 140 hospitals and about 25,000 beds in 19 states and the District of Columbia.

The Ascension spokesperson’s statement said ambulances had been diverted from “several” hospitals without naming them. In Wichita, Kansas, local news reports said the local emergency medical services started diverting all ambulance calls from its hospitals there Wednesday, though the health system’s spokesperson there said Friday that the full diversion of ambulances ended Thursday afternoon.

And WTMJ-TV in Milwaukee reported that Ascension patients in the area said they were missing CT scans and mammograms and couldn’t refill prescriptions.

READ MORE Appeals court upholds Steve Bannon’s contempt of Congress conviction The Biden-Netanyahu relationship is strained like never before. Can the two leaders move forward? Men behind the doomsday seed vault in the Arctic win World Food Prize

“We have determined this is a cybersecurity incident,” the national Ascension spokesperson’s statement said. “Our investigation and restoration work will take time to complete, and we do not have a timeline for completion.”

The statement said the Ascension system expected to use “downtime” procedures “for some time” and advised patients to bring notes on their symptoms and a list of prescription numbers or prescription bottles with them to appointments.

At two Wichita hospitals, staffers were forced to use pen and paper and announce medical emergencies over the PA system because their pagers were down, a spokesperson representing the union covering those hospitals’ employees told The Wichita Eagle.

Cybersecurity experts say ransomware attacks have increased substantially in recent years, especially in the health care sector. Increasingly, ransomware gangs steal data before activating data-scrambling malware that paralyzes networks. The threat of making stolen data public is used to extort payments. That data can also be sold online.

Ascension’s statement, issued Thursday, did not say whether it was the victim of a ransomware attack or whether it paid a ransom, and the system did not immediately respond Friday to an email seeking updates.

“We are working around the clock with internal and external advisors to investigate, contain, and restore our systems,” the spokesperson’s statement said.

Earlier this year, a cyberattack on Change Healthcare disrupted care systems nationwide after hackers entered a server that lacked multifactor authentication, a basic form of security. It was not clear Friday whether the same group was responsible for the Ascension attack.

Change Healthcare, owned by UnitedHealth Group Inc., provides technology used by doctor offices and other care providers to submit and process billions of insurance claims a year. The attack delayed insurance reimbursements and heaped stress on doctor’s offices around the country.

After hackers gained access in February, they unleashed a ransomware attack that encrypted and froze large parts of the company’s system. UnitedHealth CEO Andrew Witty told Congress earlier this month that his company paid a $22 million ransom in bitcoin.

Witty said the company’s core systems were now fully functional. But company officials have said it may take several months of analysis to identify and notify those who were affected by the attack.

They also have said they see no signs that doctor charts or full medical histories were released after the attack.

Witty told senators UnitedHealth is “consistently” under attack. He said his company repels an attempted intrusion every 70 seconds.

A ransomware attack in November prompted the Ardent Health Services system, operating 30 hospitals in six states, to divert patients from some of its emergency rooms to other hospitals while postponing certain elective procedures. It also suspended user access to information technology applications such as software used to document patient care.

___

Murphy reported from Indianapolis.