Ascension confirmed Saturday that a May 8 cybersecurity incident was a ransomware attack. But the 19-state health system said it is making progress in updating systems. It has provided separate updates for facilities in each state and the District of Columbia.

Meanwhile, some patients are voicing their frustrations over a lack of access to care – and so are nurses fielding patient calls with few answers to give. 

Concerns that protected data may have been breached during the attack also manifested in three class action lawsuits filed this week.

WHY IT MATTERS

Ascension reported on its website that emergency rooms remain open, urgent care centers are operating and patients with upcoming scheduled surgeries should plan to arrive as planned, unless otherwise notified.

"Due to the transition to manual systems for patient documentation, patients may encounter longer than usual wait times and some delays," Ascension said in its cybersecurity event update.

The health system is asking patients to bring notes on symptoms – such as printed copies of previous visit summaries – and a list of current medications, "including prescription numbers or bottles."

In some states, only certain Ascension Rx retail pharmacies are operational or functional, such as in Alabama. In others, the health system's retail pharmacies cannot fill prescriptions at this time, such as Florida, Wisconsin and the District of Columbia.

While operations continue – albeit with longer wait times expected – patients and nurses are said to be frustrated.

Delays in imaging and lab results and non-stop calls from patients are just a couple of the challenges that an ER nurse told FOX6 Milwaukee Tuesday that staff members in Wisconsin are facing. 

Connie Smith, president of the Wisconsin Federation of Nurses, and an Ascension employee, told the local news outlet that manual processes and lack of access to patient records are particularly challenging in outpatient care and radiology services.

The business affairs manager at the Offices of T.J. Jesky in Chicago, Mark F. DeStefano, confirmed lawsuits were filed on behalf of Ascension patients against the health system in the U.S. District Courts for the Northern District of Illinois, Western District of Texas and Eastern District of Missouri for potential HIPAA violations. No statement is available at this time.

THE LARGER TREND

After the Health Information Sharing and Analysis Center warned hospitals about the Russia-backed ransomware group Black Basta and the American Hospital Association sent a cybersecurity advisory with technical mitigation recommendations to its members about the variant, Ascension confirmed the cybersecurity incident was the result of a ransomware attack on May 11.

ON THE RECORD

"Ascension, with the support of leading cybersecurity experts, worked around the clock over the weekend to respond to the ransomware incident affecting our systems," a spokesperson said in the health system's latest update on Monday. "We are focused on restoring systems safely. We are making progress, however, it will take time to return to normal operations."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.