Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hospital System. Show all posts
User Security
CrowdStrike outage Cyber Security Hospital System threat report User Security

Patient Care Technology Disruptions Linked With the CrowdStrike Outage, Study Finds

 

A little more than a year ago, nearly 8.5 million Windows-based IT systems went down due to a simple error made during a routine software update. Computers were unable to reboot for several hours due to a bug from CrowdStrike, a cybersecurity business whose products are used to detect and respond to security attacks. Many of the systems needed further manual patches, which prolonged the outage.

The estimated financial toll? Anywhere between $5 billion and $10 billion for Fortune 500 firms – and close to $2 billion for the healthcare sector specifically.

A new report reveals that the negative repercussions on healthcare organisations have gone far beyond financial. A study published in JAMA Network Open by the University of California San Diego found that the incident triggered measurable disruptions in a large proportion of US hospitals, including technical issues that impacted basic operations, research activities, and direct patient care. The researchers discovered that immediately following the CrowdStrike upgrade on July 19, 759 hospitals (out of 2232 with available data) had measurable service disruptions. That represents more than one-third of healthcare organisations.

Of a total of 1098 service outages across those organisations, 21.8% were patient-facing and had a direct impact on patient care. Just over 15% were relevant to health-care operations, with 5.3% affecting research activities. The remaining 57% were either not classified as significant or unknown. 

“Patient-facing services spanned imaging platforms, prehospital medicine health record systems, patient transfer portals, access to secure documentation, and staff portals for viewing patient details,” the researchers explained. “In addition to staff portals, we saw outages in patient access platforms across diverse hospital systems; these platforms, when operating as usual, allow patients to schedule appointments, contact health care practitioners, access laboratory results, and refill prescriptions.” 

Additionally, some hospitals experienced outages in laboratory information systems (LIS), behavioural health apps, and patient monitoring systems like foetal monitors and cardiac telemetry devices. Software in development or pre-deployment stages, informational pages, educational resources for medical and nursing students, or donation pages for institutions were primarily impacted by the outages classified as irrelevant or unknown.

3.9% of hospitals had outages longer than 48 hours, while the majority of hospital services returned within 6 hours. Outages lasting longer than two full days were most common in hospitals in South Carolina, Maryland, and New Jersey. With the majority of assessed hospitals returning to service within six hours, Southern US organizations—including those in Tennessee, North Carolina, Louisiana, Alabama, Texas, and Florida—were among the quickest to recover.

The incident served as a stark reminder that human error is and always will be a serious threat to even the most resilient-seeming technologies, while also highlighting the extraordinarily fragile nature of the modern, hyperconnected healthcare ecosystem. CrowdStrike criticised the UCSD research methods and findings, but it also acknowledged and apologised to its customers and other impacted parties for the disruption and promised to be focused on enhancing the resilience of its platform.
Read more »
Ransomware attack
Cyber Attacks CyberCrime Cybersecurity Data Safety Hospital System Ransomware attack

Ransomware Attack Leaves Michigan Hospitals in Chaos Nine Days On

 


It is continuing to cause problems for Michigan Ascension hospitals as a result of a cyberattack, which has forced some ambulances to be diverted to other hospitals in the event of medical emergencies, delayed diagnostic imaging, and affected prescription filling. There is no response from Ascension's spokesperson as to how the attack is still impacting the company's operations, as he did not respond to my request on Monday. 

Nevertheless, a statement issued by the system on May 15 indicated that it had switched to manual paperwork in the wake of the attack. The hospital systems, physician offices, and care centres of Michigan Ascension remain operational after a disruptive cyberattack against Ascension hospitals was announced last week by the company.

Patients are awaiting the return of the hospital systems. Among the victims of this incident was Dan Newman, who went to the Ascension Borgess facility in Portage on Monday, May 13, expecting to receive specialized blood work. He was surprised to discover that there were no patients in the waiting room when he arrived. His bloodwork cannot happen according to the schedule because the computer systems are down, according to the lady at the counter. 

It has been nine days since a ransomware attack crippled the entire Ascension hospital system on May 8 with the result of a ransomware attack, and Newman and other patients are still waiting for services to resume. In addition, patients are experiencing issues with filling prescriptions, accessing their patient portal, and getting some tests performed. "There was nothing they could do," Newman said, since the disruption began last week on Wednesday, May 8, and Ascension operates more than a dozen hospitals across Michigan, including those in Kalamazoo, Saginaw, Novi and others. 

Even though all Ascension Michigan hospitals, physician offices, and care centres across Michigan are open, the company said on May 12, that they could not even look at the computer to see what the specialist had ordered. However, diagnostic imaging and testing have been temporarily delayed in some facilities. Despite the challenges posed by the ransomware incident, patient safety remains the company's top priority, as the company emphasized on May 12. Ascension intended to keep patients informed of the ongoing disruption by using paper-based systems. 

Ascension said it was thankful to patients for their understanding during the "unexpected event." It was also called a "ransomware incident." The doctor's offices and care centres at Ascension Michigan are operating with normal business hours, according to the company, although patients may experience longer wait times and delays as a result of the disruption. In May of this year, Ascension observed unusual behaviour on a selected technology network system. 

In the course of investigating the ransomware attack, the company has been forced to suspend access to systems and patient care across 15 states since then. Hospitals have faced the task of restoring systems and determining if any of the patient information has been impacted while transforming to manual systems for documenting patients' visits in the process of restoring systems. Ascension said the delay in appointments and elective surgeries that were previously scheduled are likely to cause delays and take longer than expected.

In a press release issued on May 15, an Ascension spokesperson suggested that patients bring notes on their symptoms as well as a list of current medication, including prescription numbers or bottle labels to avoid delays in treatment. In Michigan, every Ascension emergency room remains open and accepting walk-ins, and ambulatory diversion continues to be an "average operation, a fluid practice that is influenced by several factors, including the severity of the cases, the availability of services, and the number of providers," the statement stated. 

According to a spokesperson for Ascension Health, the hospital's emergency rooms are constantly in contact with emergency medicine providers to ensure that patients' cases are handled more effectively without compromising the quality of the service. Nine days after a ransomware attack, Michigan hospitals are still experiencing significant operational disruptions. Ascension Health stated on Wednesday that patients will be contacted directly if any rescheduling of surgical, diagnostic, or other doctor's appointments is necessary. 

On Monday, Ascension did not provide an immediate response to requests for information regarding which Michigan facilities are currently diverting ambulatory cases or temporarily delaying diagnostic imaging and testing. The healthcare system has involved law enforcement and various government agencies, including the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the American Hospital Association (AHA). U.S. hospitals and healthcare systems have become major targets for ransomware groups in recent years. 

These cyberattacks can severely disrupt healthcare services and have inflicted financial damages amounting to millions of dollars on some health systems. Cyber-attacks, in general, have increased dramatically as the world becomes more digitized. Several experts have observed a significant rise in cyberattacks globally, particularly in 2023. A study supported by Apple, conducted by Professor Stuart Madnick, revealed that data breaches have reached an all-time high for organizations in the United States. Data breaches occur when unauthorized individuals access sensitive consumer information, which may then be shared or sold. 

An Ascension spokesperson emphasized last week that patient safety remains their utmost priority despite the challenges posed by the recent ransomware incident. The spokesperson commended the dedication and resilience of their doctors, nurses, and care teams, who are currently relying on manual and paper-based systems during the ongoing disruption of normal operations. Ascension is collaborating with forensic experts from three cybersecurity firms—Mandiant, CYPFER, and Palo Alto Networks Unit 42—to investigate the attack and restore their systems. This was confirmed in a system-wide update provided last week.
Read more »
Subscribe to: Posts (Atom)