That's quite a list of Michigan hospitals hit in the past year. Maybe journalists should report the shorter list of who has NOT been hit, and find out why??

Another Ascension Michigan doctor said: "We have no access to medical records, no access to labs, no access to radiology or X-rays, no ability to place orders.

Data breaches are bad, of course.

But as for operability, WE TOLD THEM THIS FIFTEEN YEARS AGO. Sorry to yell, but can they hear us now?

It has always been people who make healthcare work - not computers. And mandated EHRs that served patients and clinicians well have always been the exception rather than the rule. 

No computers means people talk to each other more. This is actually a good thing for all of us. We should do more of it.

Patient perspective from Fox2 Detroit.

News video available at the hyperlink.

https://www.fox2detroit.com/news/ascension-hospital-cyber-attack-disrupts-patients-visit-for-potential-cancer-diagnosis

Ascension hospital cyber attack disrupts patient's visit for potential cancer diagnosis

By Jack Nissen and Lauren Edwards   Published  May 8, 2024 9:56pm EDT

 

According to the hospital group, 140 Ascension locations are affected by the cyber attack, as well as 40 senior living facilities. One patient FOX 2 spoke to said he saw people leaving the Southfield hospital amid a disruption in operations at the center.

SOUTHFIELD, Mich. (FOX 2) - A patient at Ascension Providence checked himself into the Southfield hospital this week amid fears that his cancer had returned. Instead, he found himself witnessing the fallout from a cyber attack that targeted more than a hundred hospitals around the U.S.

The chaos was on display Wednesday while Zackery Lopez waited hours for pain medication - a request that went unanswered for seven hours before a nurse finally brought him some relief. 

During that time, Lopez said he saw patients checking themselves out of Ascension Providence, located on Nine Mile.

"Right now it is crazy. Nurses are running around. Doctors are running around. There’s no computers whatsoever they can use," he said. "So, they’re actually using charts."

Using the physical copy of someone's medical data wouldn't be an issue for Lopez if he wasn't concerned that his personal information was at risk. But he told FOX 2 he hasn't gotten a satisfying answer.

"They really didn’t tell me if it was protected or not," he said. "They really kind of just brushed it off when I asked them. They say they’re trying to get everything back on, back on track." 

Lopez first checked himself into Ascension on Tuesday around 2 p.m. due to internal bleeding. He got admitted by a doctor, but was told he would have to wait for a room. As of Wednesday night, he still hadn't gotten into a room.

According to the hospital group, 140 Ascension locations are affected by the cyber attack, as well as 40 senior living facilities.

In a statement to FOX 2, the hospital said it first noticed "unusual activity" on its network on Wednesday. 

"Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. We have notified the appropriate authorities and are working to fully investigate what information, if any, may have been affected by the situation."

Bridge Michigan adds to the story.

Audio and images omitted here for space, remain available in the hyperlink.

https://www.bridgemi.com/michigan-health-watch/cyberattack-forces-ascension-hospitals-michigan-reroute-patients

Cyberattack forces Ascension hospitals in Michigan to reroute patients

May 10, 2024   |    Robin Erb 

Hackers on Wednesday broke into the patient health records and other systems at the Ascension hospital chain.

That put at risk medical information at the health-care giant’s 15 Michigan hospitals and caused at least one to send arriving patients elsewhere.

Patients should write down medications and symptoms, an Ascension spokesperson told Bridge Friday.

One of the nation's largest hospital chains remained under a cyber threat as the workweek closed — an attack that cut off access to the system’s electronic health records system, disrupted phones as well as scheduling and testing processes, and forced the rerouting of at least some Michigan patients. The attack also suspended some non-emergency elective procedures, tests and appointments.

What the weekend will hold is unclear.

Investigators are “working around the clock” to contain the breach and “restore our systems,” according to a statement by Ascension Thursday evening. “Our investigation and restoration work will take time to complete, and we do not have a timeline for completion.”

Ascension Michigan spokesperson Airielle Taylor said Friday the health system was “still detecting unusual activity.”

Related:

Henry Ford, Ascension Michigan to partner in latest health care shift
Experts: Henry Ford, Ascension Michigan venture likely to impact care, costs
University of Michigan restores internet access, still mum on security issue

On Thursday, patients arriving at Ascension Macomb-Oakland Hospital were rerouted under a diversion protocol, Taylor said.

But such problems “fluctuated,” she said. Other locations were not under a diversion protocol, but it was not clear if that would change, she said.

She said patients are advised to “have your medications written down and have your symptoms written down.”

The problems began Wednesday when the St. Louis-based hospital system “detected unusual activity on select technology network systems,” determining it to be a “cybersecurity event,” according to a statement released early Thursday.

That included patient records on MyChart, which allows patients to see their records, schedule appointments and talk with providers.

Ascension advised that its business partners “temporarily suspend the connection to the Ascension environment” until further notice.

The chain on Thursday sought to reassure the public that Ascension staff “are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.”

To divert patients from some locations throughout the 140-hospital system to other hospitals. Ascension has hospitals in 19 states, including 15 in Michigan. It also operates 40 senior living facilities.

The Ascension breach is the latest from a “constant threat and attack” by cyberattackers, said one cybersecurity expert that works with Michigan hospitals.

“Because it’s an ecosystem in which information is shared, it’s a system that can be vulnerable” to attack, said Eric Eder, president of CyberForce|Q, which operates the Michigan Healthcare Security Operations Center and works with the Michigan Health & Hospital Association, an effort in which hospitals and health-care systems share information as quickly as possible during a breach.

Eder declined to comment on the attack on Ascension. But speaking in generalities, he said attacks on health care are usually sophisticated and well-coordinated among many individuals, using bots and other automated means to search out a system’s vulnerabilities.

“There’s this image of the hacker over a laptop in a hoodie,” he said. 

Rather, “it’s a more coordinated effort with a mix of automated systems and human actors.”

Ascension is working with Mandiant, a third-party cybersecurity firm and subsidiary of Google, to assist in the investigation, according to its statement early Thursday.

Hospital officials said they were trying to determine “what, if any” information had been breached.

“Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” according to Ascension’s statement.

It's the latest in bad news for the health-care giant, which in recent months has shed properties after reporting a $3 billion loss in 2023.

In October, Detroit-based Henry Ford Health and Ascension Michigan announced their “joint venture” in which eight Ascension properties in southeast and mid-Michigan will take on the Henry Ford Health identity. And in March, Ascension agreed to shed three more hospitals, selling locations in Saginaw, Tawas and Standish to Midland-based MyMichigan Health.

Ascension personnel at Providence Rochester Hospital are getting skittish about continuing operations before the computer hack is resolved:

https://www.michiganpublic.org/health/2024-05-27/ascension-staff-petition-for-safety-precautions-amidst-ransomware-attack

Ascension staff petition for safety precautions amid ransomware attack
By Kate Wells | May 27, 2024

More than 100 people have signed a petition circulating among medical staff at Ascension Providence Rochester Hospital seeking a reduction in elective surgeries and non-emergent patient admissions, as well as more training, during the ongoing fallout from a ransomware attack.

Nearly three weeks after the ransomware attack seriously disrupted basic functioning at Ascension’s 140 hospitals nationwide, including 15 in Michigan, doctors and nurses throughout the state have been raising serious concerns about the impact to patient care. They still don’t have access to patients’ medical records. Safety protocols intended to reduce the risk of medication errors have been temporarily removed or disabled. Crucial lab and test results are taking hours or getting lost completely. And elective surgeries and patient transfers are still happening, despite some staff’s concerns.

“We, the members of Local 40 at Ascension Providence Rochester Hospital, are deeply concerned about the current challenges faced by our healthcare professionals due to the cyber hack incident and subsequent lack of access to patients’ electronic medical records,” the petition reads. It’s addressed to Ascension CEO Joseph Impicciche, Michael Wiemann, the president of Ascension Michigan, and other national and local administrators.

“In light of these circumstances, we demand that immediate safety precautions be implemented to ensure the well-being of both our members and the patients under our care … including but not limited to:

1. **Unit Shift Huddles**:

Implement daily unit shift huddles to ensure effective communication, coordination, and information sharing among healthcare professionals regarding patient care, safety protocols, and any emerging issues.

2. **Training Sessions**:

Conduct regular training sessions for staff members to enhance their knowledge and skills in navigating the challenges posed by the ongoing cyber hack incident and operating without access to electronic medical records.

3. **Weekly Progress Reports**:

Provide weekly progress reports to update staff members on the status of efforts to resolve the cyber hack incident, restore access to electronic medical records, and address any safety concerns or staffing issues.

4. **4:1 Nurse-to-Patient Ratio**:

Maintain a maximum 4:1 nurse-to-patient ratio until the matter is fully resolved to ensure that patients receive the level of care and attention they require, despite the challenges faced by our healthcare professionals.

5. **Reduction in Elective Surgeries & Non-Emergent Admissons**:

Temporarily reduce elective surgeries and non-emergent admissions to alleviate the strain on resources and prioritize care for critical patients.

These safety precautions are essential to safeguarding the well-being of both our members and the patients we serve during this challenging time. It is imperative that the hospital administration takes immediate action to address these concerns and prioritize the safety and quality of care for all individuals involved.

We, the undersigned, stand united in demanding these safety precautions be implemented without delay and call upon the hospital administration to prioritize the well-being of both staff and patients throughout this challenging period.”

A spokesperson for Ascension did not respond to the specifics in the petition, but sent a version of the same language the health system posted on its website on May 24:

"Ascension continues to work around the clock with industry-leading cybersecurity experts to safely restore operations across our network. We are hopeful that after the weekend, our patients and clinicians will see progress across our points of care. Many of our vendors and partners have also started the process of reconnecting to our network and resuming services with Ascension, which should help to accelerate our overall recovery.

"Despite the challenges posed by the recent ransomware attack, patient safety continues to be our utmost priority. We are grateful to our dedicated clinicians and care teams who are providing care under challenging circumstances. The compassion and resilience they have displayed throughout this event is truly remarkable and is emblematic of Ascension’s mission to improve the health of the individuals and communities we serve."

Ascension's IT department expects electronic records restoration in Michigan by June 14th.  Will it be a full restoration?

https://www.detroitnews.com/story/news/local/michigan/2024/06/05/ascension-to-restore-michigan-electronic-health-record-systems-by-june-14/73989009007/

Ascension to restore Michigan electronic health record systems by June 14
By Hannah Mackay - June 5, 2024

The Ascension health care system is working to restore electronic health record systems in Michigan hospitals by the end of next week, more than a month after a national cyberattack was detected.

Electronic record systems have already been restored at Ascension hospitals, physician offices and care sites in Florida, Alabama, Austin, Tennessee and Maryland markets and the health care system, according to an update posted Wednesday.

"Based on what we have learned about this process to date, we are working toward completing (electronic health record) restoration across our entire ministry by the end of the week ending June 14," the health care system said.

Ascension Rx retail, home delivery and specialty pharmacy sites in Michigan also have returned to normal operations, and providers can again transmit prescriptions to pharmacies electronically, according to an announcement Tuesday.

Ascension first detected unusual activity in its technology network systems on May 8 and determined it was a cybersecurity event. Initially, the electronic health records system, MyChart, some phone systems, and some systems used to order tests, procedures and medications were unavailable and Ascension facilities switched to downtime procedures or manual protocols like using paper records and processing everything by hand.

"As we have previously communicated, restoring Electronic Health Record (EHR) access has been among the top priorities of our recovery process," Ascension said. "As EHR is restored across the entirety of our networks, clinicians will be able to access patient records as they did prior to this incident."

Some elective procedures and appointments temporarily were paused last month and emergency services were diverted from several hospitals to ensure cases were triaged. All Ascension Michigan emergency departments currently are open and accepting transfers, according to a regional update. Diagnostic imaging and testing have been temporarily delayed at some local facilities to ensure resources are focused on inpatient and emergency services.

Meanwhile, appointments at Ascension Michigan sites are taking place as planned, although patients may experience delays due to the transition to manual systems, the health care system said.

"To help with delays, patients should bring notes on symptoms and a list of current medications, including prescription numbers or bottles," the update said. "In the event that appointments need to be rescheduled, an Ascension associate will contact patients directly."

Ascension's investigation into the cybersecurity event and the restoration of additional systems remains underway, the healthcare system said Wednesday. They previously announced they were working with forensic experts from three cybersecurity firms, Mandiant, CYPFER, and Palo Alto Networks Unit 42, to investigate the attack.

Ascension is mailing data breach notifications to 5,599,699 people compromised by a May cyberattack linked to the Black Basta RaaS ransomware operation.  Ascension will offer victims 24 months of free identity theft protection, including monitoring, and a $1,000,000 insurance reimbursement policy:

https://www.bleepingcomputer.com/news/security/ascension-health-data-of-56-million-stolen-in-ransomware-attack/

Ascension: Health data of 5.6 million stolen in ransomware attack
By Sergiu Gatlan - December 20, 2024

​Ascension, one of the largest private U.S. healthcare systems, is notifying nearly 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.

The health network reported a total revenue of $28.3 billion in 2023 and operates 140 hospitals and 40 senior care facilities across the United States.

The company now mails data breach notifications to 5,599,699 affected individuals via the United States Postal Service. Starting Thursday, December 19, Ascension also offers affected people 24 free months of IDX identity theft protection services, including CyberScan monitoring and a $1,000,000 insurance reimbursement policy.

Ascension says it notified law enforcement and government partners, such as CISA and the FBI, of the breach after detecting the May 8 attack.

"Upon discovering the unauthorized activity, we initiated an investigation with the assistance of leading cybersecurity experts," Ascension states in the breach notification letters. "Through this investigation, we found evidence that on May 7 and 8, a cybercriminal obtained a copy of certain files containing personal information of our patients and associates."

Since the breach, Ascension's investigation has revealed that some of the stolen files contained patients' and employees' names and information across one or more of the following categories (the specific type of exposed information varies from one individual to another):

1.  Medical information, such as medical record numbers, dates of service, types of lab tests, or procedure codes,
2.  Payment information encompassing credit card information or bank account numbers,
3.  Insurance information containing Medicaid/Medicare IDs, policy numbers, or insurance claims,
4.  Government identification information, including Social Security numbers, tax identification numbers, driver's license numbers, or passport numbers,
5.  And other personal information, such as dates of birth or addresses.

After the incident, Ascension revealed that the ransomware breach was caused by an employee who downloaded a malicious file onto a company device. However, it believes this was likely an "honest mistake," given that the employee thought they were downloading a legitimate file.

The ransomware attack impacted Ascension's MyChart electronic health records system, phones, and systems for ordering tests, procedures, and medications. It also forced the healthcare giant to take some devices offline on May 8 to contain what it initially described as a "cyber security event."

Following the incident, Ascension employees had to keep track of procedures and medications on paper, as they could no longer access patients' electronic records. The company also had to pause some non-emergent elective procedures, tests, and appointments and divert emergency medical services to other healthcare units to prevent triage delays.

While the healthcare giant has yet to link the May attack to a ransomware operation, CNN linked the Black Basta cybercrime gang to the incident (the ransomware group has yet to add Ascension to its data leak site). Days after the breach, the Health Information Sharing and Analysis Center (Health-ISAC) also warned that Black Basta "has recently accelerated attacks against the healthcare sector."

Since the operation emerged in April 2022, Black Basta has breached the networks of many high-profile victims, including German defense contractor Rheinmetall, outsourcing giant Capita, U.S. government contractor ABB, and the Toronto Public Library.

Joint research from Elliptic and Corvus Insurance shows that the ransomware gang collected over $100 million from more than 90 victims until November 2023.