Ascension, which has 14 hospitals in Illinois, falls victim to a ‘cyber security event’

Ascension is postponing some non-emergency elective surgeries, tests and appointments following a cybersecurity incident at the health system, which has about 150 care locations in Illinois, including 14 hospitals.

Ascension hospitals in Illinois were still providing all patient care services as of Thursday afternoon, although some medical procedures had to be postponed and there were several IT service interruptions, Ascension Illinois spokeswoman Olga Solares said in an email.

Ascension’s electronic health records and MyChart online patient portal systems were unavailable Thursday evening, as were some telephone systems and various systems for ordering certain tests, procedures and medications, Ascension said in a news release.

Some Ascension hospitals in other parts of the country were on “diversion” Thursday evening, meaning ambulances were requested to take new patients to other hospitals. However, none of Ascension Illinois’ 14 hospitals had an emergency room as of Thursday evening, Solares said. There are approximately 140 hospitals in Ascension statewide.

Ascension said in the news release that patients should bring notes about their symptoms, medications and prescription numbers to their appointments.

Ascension first “detected unusual activity on select technology network systems” on Wednesday and has since determined there was a “cybersecurity incident,” the health system said.

“We are working around the clock with internal and external consultants to investigate, contain and recover our systems following a thorough validation and review process,” Ascension said in the release. “Our investigation and restoration work will take some time and we do not have a timetable for completion.”

Ascension said it is investigating the situation and is also examining what information, if any, may have been compromised. If an individual’s personal information may be disclosed, Ascension will notify and assist those individuals. Ascension said it is working with Mandiant, an outside expert, to assist with the investigation and remediation process.

The incident came shortly after Lurie Children’s Hospital in Chicago dealt with its own cyberattack earlier this year. A group called Rhysida, an overseas ransomware company, made claims related to this attack. Following the cyberattack, Lurie shut down its phone, email and electronic medical records systems on Jan. 31. The hospital, outpatient centers and primary care practices were affected, making it more difficult for patients to reach providers. Lurie restored its systems in March.

It also follows a cybersecurity incident at Change Healthcare — a unit of UnitedHealth Group — in late February that made it difficult for many providers to submit health insurance claims.