On May 8, 2024, the Ascension healthcare network, one of the largest private healthcare systems in the country, discovered a cyberattack against their computer systems. The attack was eventually determined to be ransomware, which blocks access to the data inside computers. Electronic health records; systems used to order tests, procedures, and medications; and methods of communication with patients and between departments, such as patient portals and phone systems, were all impacted across nineteen states plus the District of Columbia.
As a result, Ascension hospitals and healthcare facilities needed to move to processing everything by hand, on paper. As of May 24, Ascension representatives have stated the issue is still being worked on.
However, the situation is far more serious than simple delays in the waiting room. Patient deaths may have already resulted.
How This Is Hurting Patients
The ransomware attack against Ascension means that doctors and nurses are severely limited in their ability to diagnose and treat patients, due to the challenges below:
- No access to patients’ medical histories
- Delay in receiving results of diagnostic tests
- Delay in communicating important updates on patients’ statuses
- Severely increased risk of medication errors
- Lack of established safety checks
Here are some hypothetical examples of how this may play out for patients:
- Bob forgets that he recently switched what blood thinner he takes, and tells his doctor the name of the old one rather than the new one when asked. Unable to verify if this is correct, his doctor then unknowingly prescribes him a second medication that reacts badly with the currently prescribed blood thinner.
- Sally has an infection, but her test results are delayed long enough that it develops into sepsis while she is still waiting to be diagnosed.
- George lives close to an Ascension hospital, but because it is overwhelmed due to the ransomware attack, his ambulance is diverted to a hospital further away, and George dies en route.
- Mary is told to take the wrong dosage of her medication because her pharmacist misreads her doctor’s handwriting. Mary overdoses.
While these are hypothetical scenarios, the actual patients who have been injured or may have lost their lives due to the ransomware attack impacting their healthcare experience are not. Data shows that in-hospital mortality rates increase by as much as 35% when a hospital is undergoing a ransomware attack.
What Is Ransomware?
Ransomware is a type of malware (malicious software) created by hackers to attack a computer network and lock its owners out. The hackers can then hold those computer networks for ransom, demanding large sums of money to return access.
Ransomware attacks are becoming increasingly common, and hospital networks are a prominent target. A 2023 study found that ransomware attacks on hospitals doubled between 2016 and 2021.
Is Ascension at Fault?
Because hospitals are a known target of ransomware attacks, Ascension had a duty to protect its computer systems, and by extension, its patients. Failing that, it should have prepared better safety checks and precautions for working offline in the likely event of a ransomware attack, so that its facilities and workers would not be left overwhelmed and floundering, putting patients at risk.
Ascension can and should be held accountable for its inadequate handling of this crisis.
Were You or a Loved One Impacted? We Want to Help.
At Fieger Law, we have decades of experience fighting for the rights of injured patients when they are hurt by medical malpractice and the negligence of healthcare providers. Whether it’s through medication errors or unnecessarily delayed treatment, we want to help you prove that you were not protected and treated the way you should have been by your healthcare providers.
Contact us for a free case review to learn if you are eligible for compensation for the harm done to you.