A Thanksgiving turkey for hospitals: multiple cyber and ransomware attacks

IT incidents were on the Thanksgiving menu at many US hospitals. It was no holiday for the hospitals experiencing attacks and outages, forcing ERs to divert to other hospitals and resort to downtime procedures. The hospitals reporting them are part of Ardent Health Services, a 30-hospital operator. Ransomware has been reported for some as the cause. Not all Ardent hospitals have been reported as affected.

A rundown of what was attacked, and where:

  • The 10-hospital UT Health East Texas (Tyler, Texas) network reverted to downtime procedures after a security incident, outage, and locked down its systems. Ambulances heading to its ERs were diverted to other hospitals.
  • Lovelace Health System in Albuquerque, New Mexico, affecting six hospitals, 33 health care clinics and seven outpatient therapy clinics. 
  • BSA Health System in Amarillo, Texas 
  • The University of Kansas Health System St. Francis Campus in Topeka 
  • Hillcrest HealthCare System (Tulsa, Oklahoma) 
  • Closer to this Editor’s home, two Hackensack Meridian hospitals in New Jersey served by Ardent were ransomwared starting on Thanksgiving: Pascack Valley in Westwood and Mountainside Medical Center in Montclair. Local reports indicated a ransomware attack. The outage continued through the weekend. Other Hackensack Meridian hospitals are not served by Ardent and were not affected.

Ardent has reported this to law enforcement and in their release, stated they are still determining the full impact of the event, though working with partners to restore access to electronic medical records and operations. 

In addition to the Ardent hospitals, on Thursday the six-hospital Vanderbilt University Medical Center (Nashville, Tennessee) reported a cyberattack that compromised a database and was contained. Ransomwareistas Meow claimed that their information was leaked on the dark web. VUMC is not confirming a ransomware attack and stated that the “compromised database did not contain personal or protected information about patients or employees.”

Becker’s 27 Nov, 27 Nov (Hackensack), Asbury Park Press, News12NJ, Ardent Health release, The Record

76 percent of post-surgery patients prefer telehealth followup: study

A 50-patient study at Vanderbilt University Medical Center in Nashville, Tennessee found that online-only post-surgical followup was acceptable to 76 percent of patients after uncomplicated surgery (hernia repairs, laparoscopic gall bladder). These patients, all of whom had internet access and a smartphone, tablet or digital camera, took their own pictures of their surgical site and transmitted these digital images through an online patient portal established by Vanderbilt. Both patient and doctor communicated through the portal to discuss follow-up care (though not necessarily at the same time). Another plus was that the online visits took significantly less time for patients (15 versus 103 minutes) and surgeons (5 versus 10 minutes). The surgeons reported a comparable effectiveness number–68 percent–for both online and in-person visits. Clinic visits were more effective in 24 percent and online visits for 8 percent. What was also notable was that no complications were missed via online visits. The program used to analyze images, typically used in wound management, was not disclosed in the study, which was performed between May and December last year. mHealthNews, Journal of the American College of Surgeons (abstract only)