Ascension, one of the largest health systems in the United States with 140 hospitals, faced a significant cyberattack that disrupted its operations. It was reported that the attack caused patient record systems to go offline, forcing medical staff to resort to paper records. This event is a stark reminder of the vulnerability of America’s health care system to cyberthreats.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

What was the immediate impact of the cyberattack?

The aftermath of the cyberattack was immediate and disruptive. Emergency crews had to divert patients to other hospitals, and staff had to implement manual workarounds. Essential systems like MyChart, phone services and electronic ordering for tests and medications were affected. The company has had to delay some elective procedures and appointments, urging patients to come prepared with detailed notes on their conditions.

Mother, daughter and doctor in hospital (Ascension) (Kurt “CyberGuy” Knutsson)

MORE: 5 BEST TELEMEDICINE APPS FOR VIRTUAL HEALTH CARE

Ascension’s response

Ascension’s response was swift, with an investigation launched to determine the extent of the breach. The health system, which is based in St. Louis, has not provided a timeline for service restoration but has assured us that they are working diligently to resolve the issues. Nurses and staff have had to adapt quickly, facing challenges such as accessing electronic health records and using devices like glucometers that rely on electronic identification systems.

Emergency sign outside hospital (Kurt “CyberGuy” Knutsson)

MORE: HOW GENERATIVE AI COULD CUT HEALTH CARE COSTS AND DEVELOP NEW CANCER DRUGS 

Cybersecurity in health care

The recent security failures in hospitals have been likened to car owners leaving their keys on the seat with the door unlocked. The American Hospital Association supports voluntary cybersecurity goals but has expressed concerns over mandatory measures proposed by the Biden administration. They argue that such requirements could unfairly penalize hospitals for vulnerabilities introduced by third-party technologies.

Image of stethoscope in hospital (Kurt “CyberGuy” Knutsson)

MORE: A DAD’S LIFE-SAVING INVENTION IS INSPIRED BY HIS WIFE’S NEAR-DEATH ORDEAL

The bigger picture paints concerning trend in health care

This cyberattack is not an isolated incident. It follows a concerning trend of increased cyberthreats to U.S. medical systems. Just recently, Change Healthcare suffered a similar fate, which had widespread repercussions across the health care industry. The Ascension hack, while smaller in scope, directly impacted systems crucial for patient care.

An Ascension spokesperson provided this statement, which is posted on the nonprofit’s website, “Safely caring for patients remains our highest priority as we navigate this cybersecurity incident. We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well-trained. It is expected that we will be utilizing downtime procedures for some time.”

You can read the company’s entire statement here.

8 proactive steps to take in the face of health care cyberattacks

In the wake of the cyberattack on Ascension, consider taking several proactive steps to protect your personal information and prepare for potential disruptions in health care services:

1) Stay informed: Keep up to date with the latest news from Ascension and other reliable sources to know the status of the systems and services.

2) Personal health records: Maintain personal health records saved on your own devices or printed out, including a list of medications, allergies, past surgeries and other relevant health information. This can be invaluable if electronic health records are temporarily inaccessible.

3) Emergency preparedness: Have a plan for medical emergencies that includes knowing alternative health care facilities and understanding how to reach them if your primary hospital is affected. For example, my nearest emergency department recently had a waiting time of several hours while a top hospital an hour away could see many patients within minutes.

4) Cybersecurity best practices: Practice good cybersecurity hygiene by using strong, unique passwords for online accounts. Consider using a password manager to generate and store complex passwords. Also, enable two-factor authentication where available.

5) Vigilance against phishing: Be extra cautious of phishing attempts, as cyberattacks often lead to an increase in phishing emails and calls, trying to exploit the situation. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

6) Contact health care providers: If you have appointments or procedures scheduled, contact your health care provider to confirm or reschedule as needed should a cyberattack disrupt normal operations.

7) Patient portals: If you use patient portals like MyChart, monitor them for updates regarding your medical records and communication with health care providers.

8) Data breach response: In case of a data breach, be ready to follow instructions from Ascension or any affected medical provider regarding credit monitoring or other protective measures.

By taking these eight steps, you can help safeguard your personal health information and ensure better continuity of care during cyber-related disruptions.

Kurt’s key takeaways

The cyberattack on Ascension underscores the urgent need for stronger cybersecurity measures in health care. With the White House pushing for “mandatory minimum” cybersecurity standards, it’s clear that voluntary measures are no longer sufficient. The health care industry must prioritize cybersecurity to protect against such threats and ensure the safety and privacy of patient data. For us as patients, we need to have a backup plan and keep track of our medical records as much as possible.

What role should government agencies play in bolstering cybersecurity measures within private health care systems? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.