DETROIT – Ascension hospitals and facilities across the country, including here in Michigan, were recently targeted in a ransomware attack that has disrupted operations.
The health care system reported last week that it was dealing with a cyber attack, affecting “clinical operations” at its 140 hospitals and dozens of senior living facilities in 19 states. Officials said this week that the security issue was actually a ransomware attack -- meaning someone (or someones) broke into Ascension’s computer systems, took hold, and were demanding ransom for its return.
It wasn’t clear whether ransomware attackers still had hold of Ascension’s systems as of Tuesday, May 14. The health care system did say Monday, however, that its operations have shifted slightly, and that employees have switched to offline processes in the meantime.
Here’s how patients are affected by the attack.
Operating hours for medical centers
All hospitals and doctors’ offices are open and operating their regularly scheduled business hours, Ascension said on Monday. Hospitals, physician offices, and other “care sites” are still open, despite the attack.
Doctor appointments are happening as regularly scheduled. Scheduled elective surgeries are also taking place as scheduled, unless the patient is notified of a change.
Diagnostic imaging, testing, and treatment are still available to patients. Officials did not say whether scheduled tests and treatment of this nature are happening as scheduled. We suggest getting in touch with your care team at the specific facility where you’re receiving treatment for more information.
Longer wait times due to cyber attack
Patients at doctors’ offices and hospitals might experience longer-than-usual wait times as a result of the ransomware attack.
This is because health care workers have switched to "manual systems for patient documentation,” Ascension said. The offline system may cause delays at health facilities.
Patients heading to an Ascension hospital or other care facility are being asked to prepare some information ahead of time to help move the process along more quickly.
"To help with delays, patients should bring notes on symptoms and a list of current medications, including prescription numbers or bottles,” Ascension said.
Prescriptions can get filled, but ...
Ascension says its retail pharmacies in Michigan are still able to fill prescriptions amid the operations disruption. However, patients cannot pay for prescriptions with a credit card.
Patients can pay for a prescription using co-pay or cash only. Patients who are getting a prescription refilled are being asked to bring their empty prescription bottles to the pharmacy.
Emergency rooms still open
Emergency departments at Ascension hospitals are still open and accepting walk-in patients.
Some Ascension hospitals are limiting the number of patients coming to their emergency rooms via ambulances, though. Ascension says “certain hospitals” are diverting ambulances carrying patients to a different facility in certain situations.
"It is a normal course of operation, a fluid practice, and is dependent on a number of factors, including case severity, service lines, and availability,” Ascension said.
It was not said which hospitals were carrying out this “diversion process.” Patients diverted away from an Ascension hospital would be taken to a different emergency room.
Still, anyone experiencing an emergency should call 911 and “local emergency services will transport you to the most appropriate hospital emergency room,” Ascension said.
See the full update from Ascension on their website here.
Cyber attacks are growing problem
Ransomware, a type of cyber attack, is a growing problem across the U.S. Ransomware groups break into a person’s, company’s, or institution’s computer system, take hold, and demand ransom for its return.
Ransomware attackers can threaten to publish or block access to important information and files. Ransomware attacks may target individuals or large organizations, like hospitals or government offices.
U.S. hospitals and health care systems have been a large target for ransomware groups in recent years. These ransomware attacks can significantly disrupt care at health care facilities, and have costed some health systems millions of dollars.
More generally, cyber attacks have ramped up across the board as our world, information, and everyday tasks become more digitized. Several experts have said cyber attacks have risen significantly in recent years across the globe, especially in 2023.
In a study supported by Apple, Professor Stuart Madnick found that “data breaches are now at an all-time high” for organizations in the U.S. A data breach is when someone (or someones) accesses sensitive consumer information without authorization to do so. That information may be shared or sold elsewhere.
“In just the first nine months of 2023, data breaches in the US ... already increased by nearly 20% compared to all of 2022 -- and organizations around the world have faced similar trends,” the study reads.
“These attacks are increasingly impactful because people are now living more of their lives online, meaning that corporations, governments, and other types of organizations collect more and more personal data -- sometimes with little choice from individuals. And because people’s most personal data can be exploited and sold for a significant profit, it’s become a growing target for cybercriminals.”
How to protect your information
Experts say that more than 2,200 cyber attacks occur each day in the U.S.
The following steps are recommended to help protect your information:
- Don’t use the same pin (passcode) for your cellphone lock screen and your bank.
- Don’t leave your device’s bluetooth on while in public spaces, when you can avoid it. Leaving your bluetooth on leaves you open for others to steal something.
- Ensure your router and/or Wi-Fi network are protected with a secure and unique password.
- Never hit “unsubscribe” on unsolicited spam. If you do this, you’re confirming your email address. Instead, mark the email as spam.
- Never click on ads for random sites. Instead, visit the actual website by going there yourself.
- Make better passwords that are at least 16 characters long.
- Enable multi-factor authentication for your accounts to add an extra layer of security.
- Another step you can take to better protect yourself and your information is to purchase a VPN, or a virtual private network, for your computers and/or phones. These private networks are meant to keep your activity and information secure. Some VPN companies offer services that can directly detect if your information has been leaked on the dark web.
- Ensure the operating systems on all of your devices are up to date at all times.
What should you do if you get hacked?
- First, disconnect your device from the internet immediately.
- Have your device looked at by a specialist. (Be cautious when calling phone numbers for technical support that you find online. Scam artists may create authentic-looking websites that appear affiliated with your device’s manufacturer.)
- Change all of your passwords.
- Closely monitor your financial information. Contact your bank to change your account and card numbers, or to freeze your accounts, if necessary.
- You can also request a credit freeze. Nationwide credit bureaus like Equifax, Experian and TransUnion allow people to institute a free credit freeze and request fraud alerts. Learn more about credit freezes and fraud alerts from the FTC here.
- Report the incident to the FBI online here.
Recent data breach examples
---> AT&T users’ Social Security numbers leaked on dark web: What to know (April 2024)
---> What Corewell Health patients in SE Michigan need to know after another data breach (December 2023)
---> Xfinity notifies its customers of data breach linked to software vulnerability (December 2023)
---> Hackers access personal data of 1 million Michiganders in national data breach (November 2023)
---> Flagstar Bank warns customers about serious data breach in US (October 2023)
---> Data breach at MGM Resorts expected to cost casino giant $100 million (October 2023)