Ascension Hospital is still reeling from a massive nationwide cyberattack

SOUTHFIELD, Mich. (WXYZ) — Ascension Hospital is still reeling from a massive nationwide cyberattack, one day after it was discovered.

We’re told some patients have been redirected while Ascension relies on pad and paper to process patient records.

Ask Dr. Nandi: How cyberattacks can impact patient care

Ask Dr. Nandi: How cyberattacks can impact patient care

We spoke with a cyber expert, an Ascension emergency physician, and a spokesperson to give you a better understanding of what’s happening and what’s to come.

A cyberattack of unknown origin continues to disrupt clinical operations at the Ascension Health network, which serves 19 states with 140 hospitals, fourteen in Michigan, including six here in Metro Detroit.

“Migraine”: How the Ascension Healthcare Cyberattack Gave Doctors a Headache

“Migraine”: How the Ascension Healthcare Cyberattack Gave Doctors a Headache

In a statement Thursday, the health system said it was investigating, responded immediately and took remedial action.

An emergency physician in the southeastern Michigan system told us today that systems are expected to be down within the next two weeks. They had to shut down the medication dispensing machines for patients.

Some patients told us on Facebook that Ascension staff are minimizing the impact. One tells us that they have been to the emergency room twice in the last 12 hours and despite the computer problems, everyone is very helpful and caring.

“It’s safe to assume Ascension is in scramble mode,” said Scott Bailey.

Scott Bailey of N1 Discovery is a Metro Detroit-based data security expert with extensive experience.

“We have committed one of the largest healthcare data breaches in Michigan. We have committed one of the largest violations of a public utility here in Michigan. These were all of great importance from a forensic perspective. I was caught up in the Oklahoma City bombing. I worked on the Kwame Kilpatrick case. I am a digital e-discovery advisor to the Attorney General’s Office for the Flint Water crisis,” Bailey said.

“Is it possible that the breach is currently active?” I asked.

“That could definitely be the case. When you think about Ascension, it’s a huge, multi-state organization. Some threat actors, when they actually break into a system, will build or attempt to build backdoors into that system,” Bailey said.

“What does this mean for the system? “What happens for the patients and caregivers at Ascension?” I asked.

“Either they went down directly due to the cyberattack, which potentially means a ransomware attack that encrypted the systems,” Bailey said. “Or they were deliberately rejected to prevent further damage. They must now return to what many people today would call the Stone Age. You know 1980, when everything was done with pencil and paper.”

It is certainly not the first cyberattack to target a healthcare system.

Change Healthcare paid $22 million for a ransomware attack in February.

Bailey believes a payout is also the likely motivation for the attack on Ascension.

“Cybersecurity is all or nothing, right? Either everything is protected or you are vulnerable. Period,” Bailey said.