On May 8, 2024, Ascension, one of the largest health systems in the country, experienced a ransomware attack that has significantly impacted its operations nationwide. Ascension Michigan, a key entity within this system, announced on May 15 that the cyberattack has disrupted its retail pharmacies, preventing them from filling prescriptions.
Impact on Ascension Rx Pharmacies
Ascension Michigan’s retail pharmacies are currently unable to fill prescriptions due to the cyberattack. In a public release, Ascension advised patients to ask their doctors to send their prescriptions to alternative pharmacies while efforts are underway to restore their systems. For patients who cannot access another pharmacy and are running out of medication, Ascension Rx pharmacies may provide a short-term supply if patients bring their current prescription bottles.
Initially, Ascension Michigan attempted to manage the situation by filling prescriptions for those who brought their prescription bottles to the pharmacies. However, they faced additional challenges as they could not process credit card payments due to the ongoing system outages.
Scope of the Ransomware Attack
Ransomware attacks involve unauthorized parties gaining access to an organization’s cyber network, often encrypting data and demanding a ransom for its release. This attack has caused widespread disruptions across Ascension’s facilities in Michigan and beyond. The impact has necessitated a partial return to manual and paper-based patient documentation and records, particularly affecting pharmacies, emergency departments, physician offices, and diagnostic testing sites.
Ascension operates numerous pharmacies and healthcare facilities in southeast Michigan, including eight hospitals in key locations such as Novi, Rochester Hills, Southfield, Madison Heights, Warren, Detroit, East China Township, and Grand Blanc. Despite the attack, all hospitals and care sites remain open, although some are experiencing intermittent service disruptions.
Ongoing Challenges and Patient Advisories
Due to the reliance on manual systems, Ascension advises patients to bring detailed notes on their symptoms, lists of current prescriptions, or their prescription bottles to doctor appointments and elective surgeries. Most appointments are proceeding as scheduled, but patients will be notified directly if rescheduling is necessary.
For the latest updates, Ascension directs patients to their cybersecurity event page at https://about.ascension.org/cybersecurity-event/regional-pages/michigan. The organization has not provided a timeline for when all systems will return to normal operation.
Investigation and Data Security Concerns
Ascension is currently investigating whether patients’ personal information was compromised in the attack, with assistance from the FBI. Affected patients will be notified if their information has been breached. This proactive communication aims to maintain transparency and manage patient concerns regarding data security.
Future Outlook and Joint Venture
The cyberattack comes at a critical time for Ascension Michigan, as it is in the midst of a joint venture with Henry Ford Health. This venture will integrate Ascension’s eight southeast Michigan hospitals and an addiction treatment facility in Brighton into the Henry Ford Health system. Announced last fall, this partnership is expected to be finalized by summer 2024 and will operate under the Henry Ford Health brand. Despite the current cybersecurity challenges, the venture remains on track.
Conclusion
The ransomware attack on Ascension Michigan highlights the critical need for robust cybersecurity measures in the healthcare sector. As healthcare organizations increasingly rely on digital systems, they must prioritize protecting these systems from cyber threats. Patients and healthcare providers alike are reminded of the importance of preparedness and resilience in the face of such disruptive events.