In the wake of a debilitating cyberattack against one of the nation’s largest health care systems, Marvin Ruckle, a nurse at an Ascension hospital in Wichita, Kansas, said he had a frightening experience: He nearly gave a baby “the wrong dose of narcotic” because of confusing paperwork.

Ruckle, who has worked in the neonatal intensive care unit at Ascension Via Christi St. Joseph for two decades, said it was “hard to decipher which was the correct dose” on the medication record. He’d “never seen that happen,” he said, “when we were on the computer system” before the cyberattack.

A May 8 ransomware attack against Ascension, a Catholic health system with 140 hospitals in at least 10 states, locked providers out of systems that track and coordinate nearly every aspect of patient care. They include its systems for electronic health records, some phones, and ones “utilized to order certain tests, procedures and medications,” the company said in a May 9 statement.

More than a dozen doctors and nurses who work for the sprawling health system told Michigan Public and KFF Health News that patient care at its hospitals across the nation was compromised in the fallout of the cyberattack over the past several weeks. Clinicians working for hospitals in three states described harrowing lapses, including delayed or lost lab results, medication errors, and an absence of routine safety checks via technology to prevent potentially fatal mistakes.

Despite a precipitous rise in cyberattacks against the health sector in recent years, a weeks-long disruption of this magnitude is beyond what most health systems are prepared for, said John Clark, an associate chief pharmacy officer at the University of Michigan health system.

“I don’t believe that anyone is fully prepared,” he said. Most emergency management plans “are designed around long-term downtimes that are into one, two, or three days.”

Ascension in a public statement May 9 said its care teams were “trained for these kinds of disruptions,” but did not respond to questions in early June about whether it had prepared for longer periods of downtime. Ascension said June 14 it had restored access to electronic health records across its network, but that patient “medical records and other information collected between May 8” and when the service was restored “may be temporarily inaccessible as we work to update the portal with information collected during the system downtime.”

Ruckle said he “had no training” for the cyberattack.

Back to Paper

Lisa Watson, an intensive care unit nurse at Ascension Via Christi St. Francis hospital in Wichita, described her own close call. She said she nearly administered the wrong medication to a critically ill patient because she couldn’t scan it as she normally would. “My patient probably would have passed away had I not caught it,” she said.

...continued

©2024 KFF Health News. Distributed by Tribune Content Agency, LLC.