Ascension hospitals’ ransomware hack affecting patient care
Nearly two weeks since the May 8 ransomware attack that took down the computer network across the nation’s biggest Catholic health system, employees at Ascension’s Michigan hospitals told the Free Press they don’t know when all of its tech systems will be restored.
Patients are paying the price, two Ascension doctors and a registered nurse told the Free Press on the condition of anonymity out of fear that they could lose their jobs.
“It’s so, so dangerous,” the nurse said.
Medical orders for lab work, imaging tests and prescriptions still were being written on paper and faxed to various parts of the hospitals and to doctors’ offices as of Monday, the workers said.
That has led to hourslong delays for testing even for the most critically ill patients — and no results at all for some metro Detroit residents who have undergone outpatient testing at Ascension imaging centers.
“We are waiting four hours for head CT (scan) results on somebody having a stroke or a brain bleed,” the nurse said of Ascension St. John Hospital on Detroit’s east side. “We are just waiting. I don’t know why they haven’t at least paused the ambulances and accepting transfers because we physically … don’t have the capacity to care for them right now.”
In some cases, what are supposed to be unique medical record numbers assigned to patients when they register in the emergency department at Ascension St. John have been given to more than one patient at a time.
Because of that, the nurse told the Free Press she couldn’t be confident that a patient’s blood test results actually were his own.
“If you have to come here, come,” she said of St. John Hospital. But, she added, if there is any other option for medical care during the computer outage, “absolutely do not bring anybody here.”
The health care workers who spoke to the Free Press said the problems are widespread in the Ascension system.
Nurses and physicians are using Google documents and text messages as an unofficial digital workaround, but still are losing track of patients, an emergency department doctor told the Free Press.
“They are texting me to find out where the patient went,” he said. “They don’t even know where the patient is going or if they’ve been admitted. People are getting lost.
“The pharmacy is getting requests for patient medications and they have no idea where the patient is in the hospital. Some of the attending physicians are putting in orders for medications, somewhat dangerous medications, and we have no idea if the medications are actually being administered.
“It’s a scary thing when your medical license is tied to this. … If medication mistakes become lawsuits, they will follow us throughout our entire careers and that is not fair to us. It’s not fair to patients.”
Ascension: ‘Patient safety continues to be our utmost priority’
St. Louis-based Ascension did not respond by email or phone to questions from the Free Press about the ongoing problems caused by the ransomware attack or concerns employees raised about patient care while its computer network is disrupted.
A nonprofit health system, Ascension has 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia and 134,000 employees.
In Michigan, the health system operates 15 acute-care hospitals, but is in the midst of trying to close deals that would split off eight of its southeastern Michigan hospitals and combine them with Detroit-based Henry Ford Health. Additionally, three of its hospitals in mid-Michigan and northeastern Michigan, along with a stand-alone emergency center and nursing home, are to be acquired by Midland-based MyMichigan Health.
Ascension said earlier it is working with Mandiant, a cybersecurity consulting company, to investigate and help determine what information, if any, was compromised in the cyberattack.
More:Cyberattack hits Ascension hospitals’ computer networks: ‘It’s affecting everything’
More:Fallout from Ascension cyberattack continues: Michigan pharmacies can’t fill prescriptions
It launched a dedicated website last week to post updates about the cybersecurity breach, but as of Tuesday morning the most recent post about the Michigan region was dated May 15.
In that update, the health system wrote: “All Ascension Michigan hospitals, physician offices, and care sites across the state remain open and operational. Despite the challenges posed by the recent ransomware incident, patient safety continues to be our utmost priority. Our dedicated doctors, nurses, and care teams are demonstrating incredible thoughtfulness and resilience as we utilize manual and paper based systems during the ongoing disruption to normal systems.”
However, during the disruption caused by the ransomware attack on the network’s computer systems, the health system asked patients to:
- Bring notes on symptoms, health history and a list of current medications, including prescription numbers or bottles to any medical appointments, tests or hospital visits.
- Ask their doctors to send prescriptions to other pharmacies because “Ascension Rx retail pharmacies in Michigan cannot fill prescriptions.”
- Be understanding that some diagnostic imaging and testing may be delayed and appointments may need to be rescheduled.
Ascension pharmacies shut down
Chris Short, a disabled veteran from Commerce Township, said he had to ration his medicine when Ascension shut down its pharmacy services last week as a result of the cybersecurity attack.
He also had to cancel an out-of-town work trip to sort it out and get his prescriptions transferred. Short takes controlled substances to manage post-traumatic stress disorder, anxiety, depression and chronic pain.
“These are critical meds that I can’t be without because of withdrawal problems and everything,” said Short, who is 43 and served in the Air Force and other federal agencies. He has spinal damage, and also dealt with the trauma of losing colleagues to suicide when he was enlisted.
“A lot of productivity was wasted because (I had to) try to find a new home for my medications,” he said, “as well as cleaning up the mess of having to cancel travel and all the stress.”
His doctor had to revoke the existing prescriptions and write new ones. CVS and Walgreens didn’t have his medicine in stock, he said, and “I couldn’t rely on the Ascension pharmacy to do anything.”
Eventually, Short said he got his prescriptions filled at a nearby Meijer store. But now, he said he’s worried about all of his care at Ascension properties.
He has an MRI scheduled for later this week. When he tried to cancel it Monday afternoon, he said: “They couldn’t cancel my appointment and told me to just not show. It’s a real dumpster fire over there.”
Dearborn woman waits for ultrasound test results
Catherine, 43, of Dearborn, who asked not to use her last name because of the personal nature of her medical information, told the Free Press on Monday that she is frustrated, too.
She has had an array of symptoms that suggest she could have a form of gynecological cancer or an inflammatory disease. Her doctor ordered a pelvic ultrasound that could provide a diagnosis — but the results of that ultrasound, which took place May 10 at Ascension Providence Hospital in Southfield, still aren’t available.
“We scheduled that pelvic ultrasound … the week that the cyberattack happened,” Catherine said. “It was completely surreal. At the ultrasound department, they had all the patients’ names written on paper, and they’re using highlighters across the columns. They called me the day before to tell me to bring the paper order. They said, ‘We’re not going to do this test for you unless you bring the paper order.’ “
It never occurred to her that the results wouldn’t be available within a day or two. She checked her email messages, her online patient portal, called her doctor, and the imaging center, but no one knew the outcome.
Everyone she talked to, Catherine said, had “a lot of sympathy, but no help because nobody knows when anything’s going to be back online. Nobody knows. So I just waited, and I’ve just been sitting here, just trying not to think of the worst-case scenarios.”
Finally, she got word that she could pick up a CD at the Ascension Providence Hospital in Novi that includes the ultrasound images, but has no interpretation from a radiologist or a report of any kind that explains what those images mean.
“They have not been viewed by a radiologist,” she said. “They have not been read. … I’m so appalled that they would do this to patients.”
Now, she has to find a radiology service that will look at the images on the CD and tell her what it shows.
“An inflammatory cancer is the thing that I really would like to rule out,” she said.
Computer shutdown is ‘like the Stone Ages’
One physician told the Free Press that Ascension isn’t being transparent enough about the depths of the problems this ransomware attack has caused, and patients don’t understand the far-reaching implications.
“They don’t understand the magnitude with which this is affecting patient care,” he said. “We have been told not to tell people this and it’s angering me because it doesn’t feel like it’s the right thing for patients to not tell them.”
Another doctor said he doesn’t know when patients like Catherine, who have undergone outpatient screening tests, such as ultrasounds, CT scans, MRIs and mammograms, will find out the results. That has the potential to delay cancer diagnoses and treatment, which could cost lives.
“We’re writing little preliminary notes on a paper and faxing it to the doctors,” he said. For CT scan results, radiologists now have the ability to dictate their interpretations, but the readings can’t be uploaded to any centralized system.
Under U.S. Food and Drug Administration rules, results of screening mammograms must be mailed to patients within 30 days of the tests. But Ascension’s radiologists are locked out of the health system’s dedicated mammography computer program, which generates those patient letters.
“It is a nightmare,” the physician told the Free Press. “I don’t know how they’re going to get the letters out.
“It’s like the Stone Ages.”
Contact Kristen Shamus: [email protected]. Subscribe to the Free Press.
link