Ascension: 'We do not have a timeline' for networks to be restored after cyberattack

Kristen Jordan Shamus, Detroit Free Press

The nation's largest Catholic health system said it was postponing some elective procedures, tests and appointments “out of an abundance of caution” after a cyberattack earlier this week paralyzed Ascension's computer network and other technological systems.

The network continued to be disrupted Friday at all 140 Ascension hospitals nationally, including 15 in Michigan, and the St. Louis-based nonprofit hospital chain acknowledged "we do not have a timeline" for when it will be restored.

Ascension said it is working to investigate the source of the breach, contain it and restore its systems. In the meantime, many hospitals are diverting ambulances to other health care facilities "to ensure emergency cases are triaged immediately."

Ascension St. John Hospital in Detroit.
Ascension St. John Hospital in Detroit.

“Systems that are currently unavailable include our electronic health records system, MyChart (which enables patients to view their medical records and communicate with their providers), some phone systems, and various systems utilized to order certain tests, procedures and medications," Ascension's statement said.

Appointments that are "temporarily paused" during the outage will be rescheduled, and Ascension is urging patients who seek treatment at this time to:

  • Bring notes detailing their symptoms and medical history to appointments.

  • Bring a list of current medications and the prescription numbers or the prescription bottles to appointments so refills can be manually called in to pharmacies.

Employees noticed the computer network problems about 7 a.m. Wednesday, said three workers who spoke on the condition of anonymity out of fear of job repercussions.

"There was a security concern, so they shut down the system," one physician told the Free Press at the time. "It's affecting everything."

Ascension, which also owns 40 senior living facilities, said it is working with Mandiant, a cybersecurity consulting company, to investigate and help determine what information, if any, was compromised in the cyberattack.

More: Cyberattack hits Ascension hospitals' computer networks: 'It's affecting everything'

More: Increasingly common, health care cyberattacks now even target patients with ransom

"Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines," Ascension said in a statement.

CNN reported Friday that Black Basta ransomware was involved in the Ascension cyberattack, which involved hackers who tried to lock the health system's computer network and steal its data.

Cyberattacks are becoming increasingly common in health care, often affecting protected health information along with other data, such as account numbers, Social Security numbers, phone numbers and addresses.

In April, Cherry Street Services Inc., also known as Cherry Health, alerted 180,747 Michigan residents that their personal information had been compromised in a ransomware attack that occurred Dec. 21.

"Third-party forensic experts were retained to assist in an investigation of the nature and scope of the breach," said Danny Wimmer, press secretary for state Attorney General Dana Nessel. "While unable to pinpoint (the) root cause of the breach, through the investigation, Cherry was able to discern the types of data compromised: full name, address, date of birth, phone number, health insurance information, patient ID number, provider name, service date, diagnosis/treatment information, prescription information, financial account information and/or Social Security numbers, and the identity of the persons impacted."

And more than 1 million Michiganders were affected by a cybersecurity breach at Welltok Inc., a software company contracted to provide communication services for Corewell Health's southeastern Michigan properties, along with a healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell. Though the breach occurred in May 2023, it wasn't until November 2023 that people were notified.

A ransomware attack led McLaren Health Care to take down the computer network at its 14 Michigan hospitals in late August and early September 2023, affecting about 2.5 million patients. The health system acknowledged that the attack also could have leaked some patient data onto the dark web. A ransomware gang known as BlackCat/AlphV claimed responsibility, posting online that it stole six terabytes of McLaren's data.

In late August 2023, the University of Michigan shut down its campus computer network after a hacker got access to the personal information of students and applicants, alumni and donors, employees and contractors, as well as the personal health information of research study participants, and patients of the University Health Service and the School of Dentistry.

In Michigan, Ascension has 15 acute-care hospitals, but is in the midst of trying to close deals that would split off eight of its southeastern Michigan hospitals and combine them with Detroit-based Henry Ford Health. Additionally, three of its hospitals in mid-Michigan and northeastern Michigan, along with a stand-alone emergency center and nursing home, are to be acquired by Midland-based MyMichigan Health.

If those deals are completed, only the following Ascension Michigan hospitals will remain as part of the health system's national holdings:

  • Ascension Allegan Hospital in Allegan

  • Ascension Borgess Hospital in Kalamazoo

  • Ascension Borgess-Lee Hospital in Dowagiac

  • Ascension Borgess-Pipp Hospital in Plainwell

Contact Kristen Shamus: kshamus@freepress.com. Subscribe to the Free Press.

This article originally appeared on Detroit Free Press: Cyberattack forces Ascension to divert ambulances, postpone procedures

Advertisement