Crucial Texas hospital system turning ambulances away after ransomware attack

One of the largest hospitals in West Texas has been forced to divert ambulances after a ransomware attack shut down many of its systems last Thursday. 

The University Medical Center Health System in Lubbock confirmed on Friday that IT outages are being caused by a ransomware incident.

The hospital system said it is “temporarily diverting incoming emergency and non-emergency patients via ambulance to nearby health facilities until access to our systems is restored.” 

“Third-parties that have helped other hospitals address similar issues have been engaged to assist in our response and investigation,” the hospital said.

The team responsible for the recovery effort could not provide a timeline for when services would be restored.

Experts were alarmed by the announcement, noting that UMC is the only level 1 trauma center within 400 miles.

Many of the hospital’s clinics are still open but are operating on downtime procedures. Patients will have to deal with delays, and hospital staff may not have access to portals with patient information. Patients are being urged to bring in physical copies of their prescriptions and other information because doctors do not have access to many patient records. 

Radiology systems are also down across several clinics and phone service is intermittent, according to the hospital’s statement and a FAQ page. 

The hospital is also contacting patients who were scheduled for appointments with instructions on what will happen next. 

UMC has an annual budget of more than $800 million and has about 4,900 employees. It has multiple facilities, including ones focused on children’s health and cancer. 

Earlier this year, the hospital system notified thousands of people of a data breach that exposed troves of sensitive information. 

No ransomware gang has taken credit for the incident as of Monday afternoon but several groups have announced attacks against other hospitals across the U.S., including Weiser Memorial Hospital, which last week reported significant technology outages due to what they called a “computer network event.”

Last week, two prominent members of Congress introduced a new bill designed to better prepare U.S. hospitals and healthcare networks for these sorts of attacks.

The bill would provide billions in funding to hospitals and force them to not only adopt minimum cybersecurity standards but also undergo stress tests to determine if they are capable of restoring services after a cyber incident.