'Migraine': How Ascension health cyberattack caused headache for doctors

Posted at 11:30 PM, May 08, 2024
and last updated 2024-05-09 05:50:41-04

SOUTHFIELD, Mich. (WXYZ) — A massive cybersecurity event impacted Ascension hospitals nationwide on Wednesday.

The hospital system confirmed that their clinical operations were disrupted after they detected unusual activity in their network. An investigation is now underway, while the impact of the disruption and how long it will last is still unknown.

Ascension did not provide anyone to interview on Wednesday. According to a physician at St. John's Ascension in Detroit, who spoke on background because they were not authorized to speak on camera, the disruption caused major changes to workflow and initial delays inside the emergency room.

When asked how big of a headache Wednesday was, the doctor responded "migraine."

Kevin Leeser was visiting his dad in the intensive care unit at Ascension Providence Rochester Hospital when he realized something wasn’t right.

“Within a few hours, kind of realized they're like 'yeah our whole system is down,” Leeser said. “Watching the team work together and kind of winging it and just flipping open phones... It was amazing to see a team work as they did.”

As a nurse himself, Leeser quickly noted the staff was paper charting and using cellphones to communicate with doctors, which are tasks often done using computer systems in the hospital.

“It was interesting. They switched over to paper by the end of the day," Leeser said. "There were reams of paper with different categories of what they have to be charting on.”

The doctor at St. John's told me the attack slowed them down and initially caused some delays. They had to use fax machines or a tube system to send orders and also write paper prescriptions, which is something younger resident physicians had never done before.

Lab results were also delayed. The doctor said it was “a very different day.” The impact also meant they couldn't easily access a patient's history.

"This is an unfortunate trend that we've seen over the last few years,” said Tom Holt, a criminal justice professor at Michigan State University who has studied cybercrime.

Holt says with critical technology and lots of personal data, hospitals are the perfect target for cybercriminals who do these attacks to extract a ransom from their victims.

“Any kind of attack that limits their functionality means you're going to pay up front and as soon as possible to avoid the loss of those systems,” Holt said. "Something of this magnitude — if it is ransomware — is going to be millions of dollars in ransom."

Ascension said they are actively investigating and responded immediately. Both Leeser and the doctor at St. John's said employees stepped up in the moment and in the end, actual impact on patients was minimal.

The doctor just asked those coming into the ER to have patience while the disruption continues and asks patients to have any personal charts or medication history on hand if possible.

“All the drugs my father had today, he got immediately, and it was some serious drugs," Leeser said. "It was nice to know there wasn’t that bottleneck... They really did a great job.”

In their full statement, Ascension said:

"On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event. At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues. 

Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.

We have engaged Mandiant, a third party expert, to assist in the investigation and remediation process, and we have notified the appropriate authorities.  Together, we are working to fully investigate what information, if any, may have been affected by the situation. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.

Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment.

This is an ongoing situation and we will provide updates as we learn more.  For the most recent information please visit: []