On Wednesday, Ascension, a health care system with 140 hospitals in 19 states and Washington, D.C., reported a “cyber security event” that has caused a “disruption to clinical operations” within the company. This event has led to significant impacts on medical services in several states, such as Kansas, Florida, and Michigan. As a result of this disruption, some patients have been diverted to other hospitals and there has been a lack of access to digital records.
Physicians in Michigan have revealed that they are now required to write everything on paper due to the cyber security event. The situation has taken the medical facilities back to the technology levels of the 1980s or 1990s. This attack comes at a time when lawmakers and federal regulators are still dealing with the aftermath of the February attack on Change Healthcare, which potentially exposed private data on a significant number of Americans. Change Healthcare admitted to paying $22 million to the ALPHV ransomware group, which then shut down its site. An affiliate who was allegedly involved in the attack took 4 terabytes of data to another extortion site after being cut out of the proceeds.
The situation with Change Healthcare has reignited the conversation around establishing minimum cybersecurity standards for the hospital industry. Industry groups have expressed their commitment to fighting against the implementation of such standards