A ransomware attack in May against Ascension, one of America’s largest hospital chains, has severely disrupted operations and patient care at its more than 140 hospitals across at least 10 states. Doctors, nurses and other clinicians have reported weeks-long outages of key technology systems, medication errors, delays in lab results, and a lack of routine safeguards – lapses they say have put the health of patients at risk.
The May 8 cyberattack locked Ascension out of electronic medical records systems, some phones, test and medication ordering platforms, and other tools essential for the coordination of patient care. While Ascension said its clinicians are “trained for these kinds of disruptions,” many on the frontlines feel unprepared.
Ascension Hospitals Cyberattack Places Strain on Staff
“I had no training for this,” said Marvin Ruckle, a neonatal ICU nurse at Ascension Via Christi St. Joseph in Wichita, Kansas, who nearly gave a baby the wrong dose of medication. Lisa Watson, a critical care nurse who works at the same hospital, says she almost administered the wrong drug to a critically ill patient because she couldn’t scan it electronically. “My patient probably would have passed away,” she said.
Doctors and nurses across Ascension report relying on paper records, handwritten notes, faxes and basic spreadsheets to deliver care – many cobbled together in real time. An ER doctor in Detroit said a mix-up due to paperwork issues led a patient to receive the wrong narcotic and end up on a ventilator. In Baltimore, ICU nurse Melissa LaRue described narrowly avoiding giving an incorrect blood pressure medication dosage due to confusion from paperwork.
Several clinicians said errors could threaten their licenses, but patient privacy laws prevented verifying their accounts. Ascension declined to address specific claims but said in a statement it is “confident that our care providers…continue to provide quality medical care.”
Ascension Hospitals’ Staff Urge Changes
While federal regulations require safeguarding patient data, hospitals currently face no cyberattack preparation or prevention mandates. Experts regard health care as the top target for ransomware attacks, which are rising exponentially. Proposed regulations are pending, but timelines and requirements remain unclear.
Nurses and doctors urging reforms at Ascension say cyberattacks should be treated similarly to natural disasters, with contingency plans that account for outages lasting weeks or longer. Many also echoed a plea for more staff support to shoulder the additional workload.
“We implore Ascension,” one Michigan clinician wrote, “to recognize the internal problems that continue to plague its hospitals, both publicly and privately, and take earnest steps toward improving working conditions for all of its staff.”
While the Biden administration has pushed for stronger cybersecurity standards in health care, the new requirements are still in development. Meanwhile, hospital industry lobbyists argue mandates could divert resources from cybersecurity efforts.
These incidents prove that patients may ultimately pay the price when hospitals fall victim to cybercrime, while staff experience additional burden affecting routine practice and judgement.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
