Nurses at Ascension hospital in Michigan raise alarms about safety following ransomware attack

A nurses union in Michigan is demanding the implementation of safety precautions following weeks of chaos due to a ransomware attack on Catholic hospital network Ascension. 

Members of the Local 40 union working for the Ascension Providence Rochester Hospital said they are “deeply concerned about the current challenges” faced by both hospital workers and patients due to the lack of access to patients’ electronic medical records after the cyberattack. 

In a petition directed at Ascension CEO Joseph Impicciche and several other leaders of the organization, 118 members of the union demanded better communication systems, more regular training sessions, weekly progress reports on the organization’s recovery efforts, increased staffing and a reduction in elective or non-emergency admissions.

“These safety precautions are essential to safeguarding the well-being of both our members and the patients we serve during this challenging time. It is imperative that the hospital administration takes immediate action to address these concerns and prioritize the safety and quality of care for all individuals involved,” the nurses said. 

CNN spoke to a nurse at the hospital who said the cyberattack and technology outage is “putting patients’ lives in danger.”

The ransomware attack began around May 8 and since then, workers at the organization’s more than 140 hospitals have struggled to deliver medicine, manage patient needs and get even basic tests done. 

Dozens of nurses have spoken to local news outlets across the country to complain that the lack of a working electronic medical records system is endangering patients because health workers do not have accurate information on people’s medical history. One nurse noted that the delays in getting imaging tests done for injuries like strokes or heart attacks can mean the difference between life and death for some patients. 

Other healthcare workers have said they use Google Docs and text message chains to coordinate with coworkers and manage care. 

The Local 40 petition said there need to be daily meetings with each unit to coordinate how patient care and safety protocols will be handled without access to basic technology. 

Training sessions also need to be held to explain how each unit plans to navigate the issues caused by the ransomware attack each day. 

The union also called for Ascension to provide more frequent updates on the recovery process — something the organization pledged to do in a statement last week. Ascension said it planned to make significant progress in its recovery over the Memorial Day holiday but has not provided an update as of Friday and did not respond to requests for comment. 

The nurses also asked for increased staffing in order to weather the problems created by the ransomware attack, arguing that there needs to be a 4-to-1 nurse-to-patient ratio until the situation is resolved. 

Ascension said its more than 134,000 workers dealt with 3.1 million emergency room visits last year across 19 states. 

The nurses’ petition comes as scrutiny around Ascension has grown. Patients in Texas, Illinois, and Tennessee have filed class action lawsuits against the organization for the leak of sensitive health information during the cyberattack. 

One plaintiff noted that in addition to the exposure of sensitive data, patients at Ascension hospitals are dealing with “ongoing harm” because they are “unable to effectively communicate with their healthcare providers and/or receive the requisite medical care and attention they need for months following the Data Breach because Ascension’s network systems, including its MyChart patient portal, remained offline and were inaccessible to patients.”

“Plaintiff and the Class also now forever face an amplified risk of further misuse, fraud, and identity theft due to their sensitive Personal Information falling into the hands of cybercriminals as a result of the tortious conduct of Defendant,” Katherine Negron said in her lawsuit.