A devastating ransomware attack on Ascension, one of the nation’s largest health care systems, led to alarming lapses in patient care and highlighted the growing threat of cyberattacks in the healthcare sector. In one case, a nurse almost gave the wrong dose of medication to a baby due to confusing paperwork as the hospital’s computers were shut down.
NPR reports that a ransomware attack that took place on May 8 on Ascension, a Catholic health system with 140 hospitals across at least 10 states, has locked providers out of critical systems that track and coordinate nearly every aspect of patient care. From electronic health records to medication orders and test procedures, the attack has left clinicians scrambling to provide safe and effective care, with some reporting alarming lapses in patient safety.
One nurse at an Ascension Hospital lin Whichita, Kansas, Marvin Ruckle, shared a frightening experience in which he nearly gave a baby “the wrong dose of narcotic” due to confusing paperwork in the wake of the attack. Lisa Watson, an intensive care unit nurse at another Ascension hospital in Wichita, described a similar close call, stating that her patient “probably would have passed away” had she not caught a medication error caused by the inability to scan medications as usual. Melissa LaRue, an ICU nurse at Ascension Saint Agnes Hospital in Baltimore, Maryland, also reported a near-miss with “administering the wrong dosage” of a patient’s blood pressure medication.
Clinicians across Ascension hospitals in Michigan, Maryland, and Indiana have reported various incidents compromising patient care. An emergency room doctor at an Ascension hospital in Detroit, Michigan, recounted a case where a man was given a dangerous narcotic intended for another patient, resulting in the need for intubation and ICU admission. A nurse in a Michigan Ascension hospital ER reported a woman with low blood sugar and altered mental status who went into cardiac arrest and died after staff waited four hours for lab results that never arrived.
Despite Ascension’s assurances that their care teams were “trained for these kinds of disruptions,” many clinicians claim they were ill-prepared for an extended downtime of this magnitude. John Clark, an associate chief pharmacy officer at the University of Michigan health system, noted that most emergency management plans are designed for downtimes of only one to three days. The health system has resorted to slapdash workarounds, relying on handwritten notes, faxes, and basic computer spreadsheets to care for patients.
Cybersecurity experts warn that the healthcare sector has become the prime target for ransomware attacks, with hospitals being particularly vulnerable due to their often inadequate security measures and willingness to pay ransoms. In 2023, the health sector experienced the largest share of ransomware attacks of 16 infrastructure sectors considered vital to national security or safety, according to an FBI report on internet crimes. The federal Department of Health and Human Services reported that large breaches involving ransomware had jumped by 264 percent over the past five years.
Patients can pay the ultimate price when lapses occur, with those in hospital care facing a greater likelihood of death during a cyberattack, according to researchers at the University of Minnesota School of Public Health. Workers at Ascension hospitals in Michigan have called for the company to make changes, including temporarily reducing elective surgeries and nonemergency patient admissions and bringing in more nurses to help manage the increased workload. However, some clinicians feel their concerns have “fallen on deaf ears.”
Read more at NPR here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.