This audio is auto-generated. Please let us know if you have feedback.
Ascension, one of the largest nonprofit health systems in the nation, was hit by a ransomware attack early last month.
The St. Louis-based health system, which operates 140 hospitals and serves 19 states and Washington, D.C., first detected unusual activity on some technology systems on May 8. The provider is still investigating the incident, reporting last week that personally identifiable and protected health information may have been compromised.
Ransomware, a type of malware that denies users access to their data until a ransom is paid, can have dire consequences for health systems. The attacks can shut down critical systems for patient care, force hospitals to send ambulances to other nearby facilities and delay scheduled procedures.
Ascension reported its electronic health record system, patient portal, some phone systems and various systems to order certain tests, procedures and medications were offline shortly after the attack.
The health system asked patients to bring appointment notes as well as lists of prescriptions or pill bottles, so their providers could call in medication needs. Some hospitals in Indiana, Michigan, Oklahoma and Tennessee had diverted ambulances during the cyberattack.
By the numbers
12
States, including Washington, D.C., that were impacted by the cyberattack. Arkansas, Louisiana and Missouri didn’t report interruptions to patient or client services.
36
Days when Ascension reported its electronic health record was impacted by the cyberattack. On May 9, the health system said its EHR was unavailable. On June 14, Ascension said it restored its EHR across the system, though some markets restored the record earlier.
128%
How much cyberattacks against the healthcare sector increased from 2022 to 2023, according to the Office of the Director of National Intelligence.
Alice Brewer 
Rebecca Pifer and Emily Olsen 
Susanna Vogel