Federal agencies helping Catholic health network amid cyberattack

SAN FRANCISCO – Several federal agencies are coordinating resources to assist nonprofit healthcare system Ascension following a cyberattack that has limited its operations, a senior White House official said Thursday.

The Catholic nonprofit, which operates in 19 states, published a notice on Wednesday evening saying it was dealing with a cyberattack that caused widespread outages across its technology network. 

The organization said on Thursday that several hospitals are diverting ambulances due to the technology outages. 

Phones and computers at hospitals across the country are now down, causing missed appointments and disruptions to pharmaceutical operations. Doctors said the abrupt shift to paper systems has interrupted care and forced them to constantly check on patients to assure they were getting the drugs and medication they need. 

At the RSA Conference on Thursday, Anne Neuberger, the deputy national security advisor for cyber and emerging technologies, confirmed that it was a ransomware attack and said this was an example of the need for more to be done to protect critical infrastructure. 

“We're dealing with yet another ransomware attack against a major hospital chain in the country today,” she said. “It's sobering, because I think the lesson is that when you have critical services that cannot be disrupted, those are where we have to prioritize regulation.”

The Department of Health and Human Services was “immediately on the phone with the CEO” on Wednesday to help, and the FBI and others are providing support, she told Recorded Future News in follow-up comments.   

In the Thursday update, Ascension warned that they still do not have a timeline for when systems will be restored. 

The systems that are down include the organization’s electronic health records system, MyChart — which enables patients to view their medical records and communicate with their providers — some phone systems, and “various systems utilized to order certain tests, procedures and medications.” 

“We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained,” the organization said. 

“It is expected that we will be utilizing downtime procedures for some time. Patients should bring to their appointment notes on their symptoms and a list of current medications and prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies.”

The attack forced several hospitals to cancel some non-emergency elective procedures, tests and appointments while they work to bring systems back online. 

The organization runs hundreds of hospitals and 40 senior living facilities.