Cyberattack has Michigan Hospitals Pausing Elective Procedures, Diverting Emergency Care

Ascension hospitals across Michigan are temporarily pausing some non-emergency elective tests, procedures and appointments in the aftermath of a cyberattack.

As of Friday morning, May 10, the health system reported being unable to access electronic health records and various systems to order tests, procedures, and medications.

Several hospitals were also on diversion for emergency medical services in order to ensure serious cases are triaged immediately, according to a spokesperson who provided an update via the hospital’s website.

“If you are experiencing a medical emergency, please contact 911 and your local emergency services will bring you to the nearest hospital emergency room,” the spokesperson wrote.

Ascension, based in St. Louis, has hospitals throughout Michigan, including in Allegan, Detroit, Grand Blanc, Kalamazoo, Madison Heights, Novi, Plainwell, Rochester, Saginaw and Southfield.

On Wednesday, May 8, Ascension said it detected some unusual activity on its network systems. When it determined a cyberattack had occurred, it alerted authorities and a third-party expert, Mandiant, and has since been investigating and working on a remediation process.

As of Friday morning, an Ascension spokesperson said they did not have an estimated timeline for its restoration efforts. They expected to be utilizing “downtime protocols and procedures” for “some time.”

“Safely caring for patients remains our highest priority as we navigate this cybersecurity incident,” the spokesperson wrote.

The hospital system says patients who have scheduled appointments should bring notes on their symptoms and a list of current medications, as well as prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies.

Care teams are reaching out to patients whose appointments or procedures will need to be rescheduled.

“We understand the frustration this may cause and sincerely regret any inconvenience to our patients,” Ascension officials said.

It wasn’t clear as of Friday if any sensitive patient information was exposed during the attack, or how many patients could be affected. Ascension said if it determined personal information was affected, it would notify and support individuals “in accordance with all relevant regulatory and legal guidelines.”

Cyberattacks appear to be increasingly common in health care. In late 2023, Cherry Health and McLaren Health reported some of their data being accessed improperly.

Then in February, a major tech company called Change Healthcare reported being the victim of a cyberattack. The American Hospital Association called the attack “the most significant and consequential incident of its kind against the U.S. health care system.”

For the latest update from Ascension, visit about.ascension.org.

©2024 Advance Local Media LLC. Visit mlive.com. Distributed by Tribune Content Agency, LLC.