Accessibility links
Ransomware attack led to harrowing lapses at Ascension hospitals, staffers say Problems caused by the attack included delayed or lost lab results, medication errors, and an absence of routine safety checks to prevent potentially fatal mistakes, doctors and nurses told reporters.

National

< Cyberattack led to harrowing lapses at Ascension hospitals, clinicians say

Cyberattack led to harrowing lapses at Ascension hospitals, clinicians say

Listen · 3:41
  • Download
  • <iframe src="https://www.npr.org/player/embed/nx-s1-5010219/nx-s1-a95a5288-c5a9-43d0-9e8d-58fd3fba7b62" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

LEILA FADEL, HOST:

Ascension, one of the country's largest health systems, has been dealing with the effects of a ransomware attack for more than a month.

A MARTÍNEZ, HOST:

The Catholic health system runs 140 hospitals and other facilities in 18 states and Washington, D.C. Doctors and nurses say patients have been put at risk.

FADEL: Kate Wells of member station Michigan Public is joining us from Ann Arbor, Mich. She's been reporting on the national impact of this with Rachana Pradhan of KFF Health News. Kate, hi.

KATE WELLS, BYLINE: Hi, Leila.

FADEL: So the cyberattack started on May 8. How has it disrupted care?

WELLS: Yeah. For weeks, it took out all the hospitals' access to electronic health records and basically every system that Ascension uses to do everything from tracking patients to ordering labs and tests to just making sure that the right medication goes to the right patient. And right now, things have gotten better. Gradually, Ascension says it's been able to restore access to things like electronic health records, but the staff that we've been talking to say things are not fully back to normal yet. There's still glitches and delays.

FADEL: So tell me more about what the staff has been telling you. You and Rachana talked with nurses and doctors in three states about what happened to patients during the first few weeks of the cyberattack. What did they say?

WELLS: Yeah, the staff that I talked to were genuinely worried about their patients' safety. I talked with a dozen doctors and nurses here in Michigan. And across the board, they described numerous close calls when the wrong medications would be ordered, when labs would just get lost, when patients were being tracked with sticky notes or Google Docs.

An Ascension hospital ER doctor that I talked to in Detroit said one of their patients was given a dangerous narcotic that was intended for another patient because of a paperwork mix-up, and that patient who got the wrong meds had to be put on a ventilator because of that and sent to the ICU.

An ER nurse at the same hospital in Detroit told me about a patient of theirs who died. This was a woman who came in, and she went into cardiac arrest after staff had waited for four hours for these labs that they urgently needed to figure out how to treat her and they just never received. The nurse told me at the time in May, they said, if I started having crushing chest pain in the middle of work and I thought I was having a big one, I would grab someone to drive me to another hospital down the street.

FADEL: They're describing pretty dangerous conditions. What's Ascension saying?

WELLS: So we ran all of these examples past Ascension, and they declined to comment on them, but they did tell us in an email, quote, "we are confident that our care providers and our hospitals and facilities continue to provide quality medical care." They said in an earlier statement that their staff was, quote, "trained for these kinds of disruptions." But we spoke with experts who said, you know, this is beyond what most hospitals are probably prepared for. I talked with John Clark. He's an associate chief of pharmacy at the University of Michigan Health System, and he says, look, his health system can handle six to eight hours of downtime, no problem, and they've got emergency plans on the books for two to three days. But at Ascension, these systems were down for weeks.

JOHN CLARK: I don't believe that anyone is fully prepared for a long-term process like this.

FADEL: Yeah, and we've been seeing more and more of these massive cyberattacks in health care in the last few years. Why is that?

WELLS: Well, ransomware attackers have figured out that the health sector is kind of like the perfect prey here, right? They may not have the most secure systems. They're big businesses with a lot of revenue, and the stakes are really high for them, right? They've got these patients' lives on the line. So what we're watching in real time here is the hospital industry and also regulators try to catch up with what's been happening.

FADEL: That's Kate Wells with Michigan Public joining us from Ann Arbor, Mich. Thank you so much for your reporting, Kate.

WELLS: You're welcome.

Copyright © 2024 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.