Cyberattack fallout: Ascension and DocGo troubles ricochet

Also: CommonSpirit reports increased earnings in the year after a major ransomware disruption and widespread data breach.
By Andrea Fox
11:17 AM

Photo: francescoridolfi.com/Getty Images

After cyberattacks, large healthcare organizations must grapple with system clean-up and data breaches, potentially harming patient care due to service disruptions, exacting costs and garnering regulatory scrutiny on security vulnerabilities. 

This week we learned that the May 8 attack on Ascension left a former hospital with systems outages for operations yet to be migrated to its new owner, the Guthrie Clinic, and an attack on DocGo exposed U.S. patient data.

Despite the breach, DocGo said it expects record profits this year, while CommonSpirit reported improved financial results a year and a half after its massive patient data breach, crediting telehealth and other measures for increased efficiencies.

Ascension attack snares Guthrie hospital

On the day of the ransomware attack on Ascension, Guthrie Lourdes Hospital in Binghamton, New York, became aware that certain systems still connected to its former parent organization were not working, according to the hospital's outage information.

"Although Lourdes became part of The Guthrie Clinic in February, the hospital and associated clinics maintained some temporary linkages to the Ascension network while a permanent and organized migration to Guthrie systems can be phased in," the New York hospital explained on its website.

"This cyber event took place before a full transition could be completed."

Guthrie said its IT team severed Lourdes' connections with the affected systems, and the Ascension ransomware attack impacted no other Guthrie facilities.

"The Lourdes Hospital Emergency Room is open and will never turn away patients seeking care." 

However, prescriptions at Lourde cannot be filled, the health system said on May 13. 

Guthrie advised affected patients to contact providers for a paper prescription that can filled at other retail pharmacies, including Guthrie's nearby Corning and Sayre, Pennsylvania, hospitals.

Ascension patients across multiple states are finding care strained as systems are slowly restored.

DocGo files data breach

DocGo, an ambulatory and remote patient monitoring provider in the U.S. and U.K. filed a notice on May 7 with the U.S. Securities and Exchange Commission over U.S. patient data breached in a recent cyberattack.

"As part of its investigation, the company has determined that the threat actor accessed and acquired data, including certain protected health information, from a limited number of healthcare records within the company’s U.S.-based ambulance transportation business, and that no other business lines have been involved," DocGo said in the SEC filing

DocGo said that business operations have not been impacted, but provided few details on the attack. Healthcare IT News' sister publication, MobiHealthNews, reached out on May 9, but the company declined to comment on the breach.

A day after reporting the breach to the SEC, the company released substantial first-quarter earnings, citing an increase in total revenue to $192.1 million, up from $113 million in the same period last year.

DocGo expects to generate between $280 to $300 million in 2024.

"This impressive growth is indicative of our ability to execute and deliver transformative long-term performance," CEO Lee Bienstock said in a statement.

CommonSpirit financial results improve

Despite suffering a debilitating cyberattack in October 2022, CommonSpirit showed financial performance improvements on a year-to-date basis versus 2023, according to a statement Wednesday from the for-profit healthcare organization. 

CommonSpirit reported operating revenues of $9.25 billion and operating expenses of $9.62 billion for the quarter that ended March 31, compared to revenues of $8.45 billion and expenses of $8.92 billion for the same period last year.

“We are pleased to see the continued improvement in our financial performance,” Dan Morissette, CommonSpirit’s chief financial officer, said in a statement. 

Increased volumes drove the financial improvements – admissions rose 4.5%, outpatient visits increased 2%, and emergency room visits were 3.9% higher than last year – along with
"efficiency gains and reductions in length-of-stay," the company said. 

The resulting breach affected protected data held by several hospitals that are part of Virginia Mason Franciscan Health, owned by Chicago-based CommonSpirit.

CommonSpirit said in 2022 that integrating telebehavioral care via Teledoc Health into its electronic health records as consultation-liaison services was one way it reduced length-of-stay metrics.

"Analyzing these metrics, we found the benefits of telebehavioral health satisfied our main objectives: a decrease in length of stay, a decrease in cost, an increase in satisfaction and expectations of care met," John Mackenzie, clinical program manager at CommonSpirit Telehealth Network, told Healthcare IT News.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.