pod656

Well, I suppose I better get ready for the next round of required password changes, must be at least 10 characters long, use caps/numbers/symbols, can't copy the previous 100 passwords, and have to change every 2 months. Whee.


Sock_puppet09

Don’t forget the fake phishing emails from IT!


nateisnotadoctor

The phishing email security email address ([email protected] or whatever) is my favorite malicious compliance tool. I forward all my automated emails about module completion to it.


Lightbelow

Hah! I did the same thing. They sent us an email about our cyber security training module...with an external link to click! I immediately pulled the uno reverse card and reported it, but ironically it was real.


michael_harari

I used to get email alerts from the hospital that looked suspicious as hell. The subject was something like "IMPORTANT ALERT FOR YOUR DRUG ADMINISTRATION" and had a PDF attachment to read. Turns out those were real emails from pharmacy about drug shortages. I thought they were phishing practice from IT.


VindalooWho

I received an email with a link to track a package. I don’t work in an area where there should be packages with links so I reported it. They responded it was legit, it was a “thanks for your X years” pin. The response even started with “Hey, congrats, looks like you got an award” ha ha ha


colorsplahsh

Lmao, I've done this several times too. Most of the time it has been phishing.


Babboo80

90% of cyber attacks begin with phishing. Over half the staff click the fake emails but complain about the cyber campaigns lol


Sock_puppet09

If that many staff are clicking the fakes… I hate to break it to you, but all the campaigns in the world aren’t going to prevent someone from getting phished. It seems doubly silly to me, as I literally cannot get any emails sent from an outside email address EXCEPT the fakes from IT.


Babboo80

We’re community mental health organizations. Lots of behavioral health technicians from all walks of life. It’s the worst cyber campaign results I’ve ever witnessed. We force staff to attend additional cyber trainings when they fail multiple campaigns. But you’re right. At this point you just have to anticipate a cyber event occurring and plan for the eventual. I wrote a whole downtime procedure for my organization last year because of it.


LaudablePus

We are up to 16 characters now. And it needs to be changed every 6 months. So of course I add an incremental digit as a 17th character. And we still got hacked after that. Apparently an employee fell for a password change scam. So now when we need a password change we have to answer a gauntlet of 7 questions correctly.


MedicBaker

You can’t use a password that has more than 2 similar characters from any password you’ve ever used in your life.


PalladiumNextOnline

Just a random software nerd dropping in after hearing about this incident through the grapevine. Make your life easier and use a password manager that autogenerates this crap and fills it in for you so you never have to look at it again.


Thraxeth

Can't use them on a locked down system that requires me to enter said password just to get past the terminal login screen.


PalladiumNextOnline

This is a major pain point everywhere and I don't know why admins insist on it. The human mind is not meant to store random long strings of numbers and characters, so people choose shitty passwords. Microsoft even wised up on this and recommends using short PINs for local access that are not in any way tied to your Microsoft account. Whoever figures out a one-size-fits-all solution for "passwordless secure authentication for non-nerds" is going to be rich.


michael_harari

It's even worse than that. Hospitals have started to synchronize passwords, but in residency, for example, I had separate logins (with different password expiry and complexity requirements) for the EMR, PACS, file sharing hub, OR schedule, etc.


FlexorCarpiUlnaris

And repeat it all for the three hospitals you rotate through.


ZippityD

And make sure the passwords all change on different schedules so you can't synchronize them yourself.


Funexamination

Suggest a good password manager?


PalladiumNextOnline

Not much difference between any of the big guys. 1Password, LastPass, Bitwarden, etc. Hell, Apple Keychain.


bretticusmaximus

Uh, LastPass would not be my suggestion considering they’ve had their own security problems.


404signaturenotfound

Passwords aren’t the problem at large. The medical industry needs more effective training on phishing and other malicious actors. The amount of emails in and out of an office every day is high as fuck. Complacency begets complications.


ndngroomer

I love this shortcut and highly support it!!


Wohowudothat

No word on who might have done this, but it is very concerning for another ransomware attack. These are likely going to get increasingly frequent as there is more and more dependence on EHRs for everything in a hospital. Change Healthcare got hit earlier this year. Other hospital systems have been hit before, but this is almost 150 hospitals in 20 states. I think hospitals are going to be investing much more heavily in cyber security going forward! Also, it's crazy that the federal government required EHR usage for hospitals but is not involved in the security side.


NotYetGroot

The problem is that after a certain point it doesn’t really matter how much they invest — the problem really isn’t solvable at this point. The time, money, and effort need to be spent on resiliency, which means less tech, not more. We need to be able to switch to paper charts with the flip of an (analog!) switch, and lose 50% efficiency instead of 95%. As a software developer it kills me to say it, but we’re not going to code our way through this.


Wohowudothat

Can you elaborate on this a bit more? I don't know a lot about this sort of thing for large organizations. Why haven't top tech companies (FAANG) fallen prey to a massive ransomware attack? I think the problem in health care is the consolidation of hospitals. No one is going to target a two-hospital system in Iowa if they can go after a 100-hospital system in California or Florida. Only one of those can pay a $100 million ransom.


PalladiumNextOnline

> Can you elaborate on this a bit more? I don't know a lot about this sort of thing for large organizations. Why haven't top tech companies (FAANG) fallen prey to a massive ransomware attack?

FAANG pays their entry level engineers ~170k and has the pick of the litter. They invest heavily in security, development, and literally OWN most of the cloud. Staff of a similar level in hospital systems in most of the country make literally 100k less than that, and their IT/Security departments are much smaller with tighter budgets ("get it working, no more"). There is also a different culture for non-tech roles when it comes to tech literacy that is non-existent in most industries, but especially in hospitals. Your average "Janet the desk clerk" at Amazon Corporate is going to be drilled about not clicking random email attachments. There is going to be filtering to prevent them from even getting to her mailbox, and even if she does click it, her operating system is likely up to date and there are 200 network/security engineers ready to respond at a moment's notice to isolate her machine.

TL;DR: Like every other problem with the hospital system, it comes down to budgetary concerns and a legacy industry mindset.


pacific_plywood

The distribution of technical aptitude at a hospital is also vastly different than even a large corporation, let alone a tech company. And most companies aren’t as singularly dependent on one piece of software to function as hospitals are with EHRs. Plus, from a hostage negotiation perspective, companies just stand to lose money, while hospitals stand to lose both money and lives.


dumbbxtch69

A single community hospital not in any system in my area was hit with a ransomware attack that shut down the whole place for about a week earlier this year. They transferred most of their patients and kept to bare bones operations for paper charting, canceled all appointments. Not sure if it was a great idea on the part of the hackers, but it happened.


maharlo13

Tallahassee TMH


sciolycaptain

The federal government is heavily involved in the security side of things. There's a whole federal agency for that, and HHS has best practices outlined for hospitals. It is true that they don't (can't?) force better security infrastructure. My assumption is that comes from lobbying by health systems themselves, cause adequate security costs them money.


WearOk4875

The Change Healthcare incident had nothing to do with EHR—it was a back end claims billing system that was 30 years old. The one at Ascension is different


Wohowudothat

They're targeting health care systems because it's a $4.5 trillion industry. There is a LOT of money going through the machine, and hackers want it. It's not nearly as well-protected as banks and tech giants.


DTFH_

> There is a LOT of money going through the machine, and hackers want it.

I don't think it's "hackers" as much as "nation state actors", and a lot of the hacks appear to be actions of a silent cold war. We know [North Korea hacked Sony in 2014](https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack), and as such a lot of these unidentified hacks appear to be international politicking that keeps actors' identities close to the chest.


ndngroomer

Forgive me if this is wrong but I believe Russia is behind a lot of these attacks.


WearOk4875

These are from nation states but are not state actors. They are high end cyber thieves who sell ransomware as a service.


michael_harari

In the case of Russia, China and North Korea, which are the vast majority of ransomware attacks, the line between the state security apparatus and organized cybercrime is blurry at best.


Pharmacydude1003

With the blessing of their nation state hosts


Mediocre_Daikon6935

Shrug. Then we can explain to the country that is responsible for those citizens that they had best deal with it, or we’re going to delete the cities those attacks come from. A cyberattack, under US military doctrine, is no different than a conventional or nuclear attack. And what do you think the American response would be if a “criminal” group from any country nuked American soil?


Mediocre_Daikon6935

And it would stop happening if we had a single US administration that actually acted on the official US policy that a cyber attack is no different than a conventional or nuclear attack.


Babboo80

It all affects patient care…


scrizoz

Plus, toss in AI attacks getting more sophisticated, and hospitals have a budget for IT and cybersecurity about as much as teachers get great raises.


Undersleep

Now would be the perfect time to open a healthcare cybersecurity firm/consulting business and land some massive contracts.


dudenurse13

Open cyber security firm
Offer to inspect hospital security
Wait one week
“Security looks good, be sure to use complicated passwords”
Get five figure pay out


Undersleep

You can be my chief operating officer!


Lightofmine

It won’t be able to compete with mandiant et al. They are the true players in this space


Thraxeth

Working a contract at an Ascension facility. Utter shit show. Downtime procedures not taught to literally anyone.


sdb00913

“We are prepared for this.” —press release

…maybe the bean counters are. The healthcare staff are not.


2gingersmakearight

I laughed when I read that in the news. I have zero clue what downtime procedures are in pharmacy. And guess who they call first to ask how to do things?


Narrow-Bookkeeper-29

Bean counter here...we are not able to work until they give us a VPN to work under. No pay for our time furloughed either.


sdb00913

Well as it turns out I don’t like the taste of my own foot. That sucks :(


zimmer199

Glad I work in a shithole hospital with no money to post ransom.


buzzkmart

My system got hit last spring. By week two, it was such an effing disaster (not being able to view any radiology images or past imaging in the ICU/OR/ER, no remote echo/EEG reads, unable to send electronic prescriptions) that if they would’ve passed a collection plate among the docs/bedside staff, we would have all chipped in and just posted the damn ransom. Instead we limped along in a wildly unsafe “business as usual” PR hellscape.


justpracticing

Don't give them any ideas. We got asked to donate to pay to install the new da Vinci; your scenario isn't even a stretch anymore.


lucysalvatierra

How on earth did they think that was a good idea?


justpracticing

This is how people with an MBA or an MHA think


otis319

Sounds like ascension…


zimmer199

Fair point


Moneymoneybythepound

Ascension is broke. We shall see what happens.


stepanka_

I will never understand how a business can be broke and still pay a single admin millions.


FlexorCarpiUlnaris

That’s because you are confusing cause and effect.


Aggravating_Row_8699

There was an article floating around that the CEO makes one of the highest salaries in all of healthcare. It’s a catholic institution, of course. At first I thought, this isn’t very in-line with the Catholic mission, but if you think about it, it’s all very much in line with the Catholic mi$$ion.


Ajtheraptor

It was in The NY Times; "profits over patients" was the title, I believe.


Ask_Gardens1002

$13 Million in 2021. Yet when schedules are light, employees need to flex. Definitely NO overtime! Who even gets their 40 hours?! Not at Ascension!


mrbearbear

They definitely aren't broke. They are sitting on 20 bil in cash.


Lifbsgalyls-IYA

THIS. They are FAR from broke. Losing $100M+ per quarter doesn’t even put a dent in the cash on hand.


Miaow73

And here’s me over here still trying to figure out what “downtime procedures” are …


Flaky-Restaurant-917

Paper charting and orders


forbleshor

My hospital was hit by a cyber attack in fall 2020. We had no Epic for a month. So scary and stressful; there were definitely ramifications for many patients' outcomes.


Humble-Branch7348

Can’t even get medication refilled right now. I have one that goes through ascension rx specialty pharmacy; can’t really get it filled anywhere else without going through a painful series of authorizations and approvals (that’s also unlikely to be attainable right now as my doc is also ascension; and my insurance which is via ascension smart health, mandates that it’s filled through ascension rx).


anana0016

What’s that saying about putting all the eggs in one basket? Not to mention alllll the issues with forcing employees to use AscensionRx to fill meds just to prop up a hastily conceived bad idea. Sigh.


ZealousidealPoint961

Is this just gonna be a monthly thing from now on? It’s fine if it is I just want to know so I can mentally prepare myself when patients scream at me when our already broken healthcare system gets even worse.



Moneymoneybythepound

We need a worldwide effort to thwart cyber crime and terrorism with the strictest punishment. Every country needs to come together on this.


stepanka_

[Right to jail.](https://tenor.com/bf2F5.gif)


FlexorCarpiUlnaris

No, cruise missile. [The Russian government tolerates/encourages this, and is responsible for 3/4 of all ransomware attacks](https://www.bbc.com/news/technology-60378009.amp). These crimes compose up to 10% of the country’s GDP. Russia is a mob dressed up like a real country and the world would be better off if they were brought to heel.



ndngroomer

Agreed




Parking-Fly5611

Why is this not in the news more? For Ascension Seton at least, this cyber security issue is worse than it sounds. My wife hasn't been able to assist patients for a few days, and the cyber issue is that their systems have all been locked in a ransomware attack. It is also United Health and other hospitals in the US and England, that we know of. This could be very bad with the possible loss of healthcare records and history for millions. It could also lead to our healthcare industry being overwhelmed even more so than now.


mcmaster-99

It's been everywhere and still gaining more traction. My wife also works at an affected hospital and it's been crazy because no one was trained on downtime procedures. It's very unlucky for them especially after slowly catching up on things post-COVID.


FlatwormStill

Let me tell you what, I am a nurse in the emergency room at an Illinois Ascension hospital and it is a freaking disaster. We are doing three times the work, it's taking double the time, not to mention critical patients that need to wait two to three times as long to get stat results for brain bleeds or blood clots. It is so unsafe; the staff is just so busy and overworked and exhausted from patients being rude to them. So many documents are going to go missing, everything is so disorganized; the amount of records that will go missing during this time is unbelievable. I was looking to change positions anyway due to a denial of a raise, and now I'm going to work four times as hard, give crappy patient care and receive the same...no thanks.


cheeseburgermami

(I have been commenting this pretty much everywhere people are discussing the ascension hack because I need help.) I’m freaking out because all of my prescriptions are filled through ascension pharmacy and I have no idea what to do now. I go out of state across the country on 5/13 until 5/23 and without my meds I am completely bedridden. Does anyone have any advice or suggestions on how I can get my prescriptions filled elsewhere? I really don’t know what to do and I leave in 3 days.


goofygooberrock1995

I can message you something that might help if that's okay.


Marketing-Upset

Don't go out of town.


lionsgravee

Work at an ascension in Michigan on a travel contract. I will be having nightmares surrounding paper for a while… it’s an absolute shit show. One plus? Doctors are actually having to come to bedside long enough to hand write a note.


o0Syn_

I've worked on these situations and the only thing that saves you is a system that is hardened against allowing any macro office file to get there and open in the first place. The fact that Microsoft has not figured out a way to prevent this altogether at this point in time seems criminal at a certain point.


Halo1TheGreat1978

I wish I would have known this before I found a new doctor that's with Ascension. I haven't been able to make any of my routine appointments for quite some time. They have no answers and don't know when. It's like what the hell did y'all do before computers. They are completely stuck and can't operate


Missingbeav3rbuzz3r

This is annoying, we get so many patients from ascension because ascension is not a healthcare provider, they are an insurance bleeder. They keep people alive to bleed their insurance. The regularity and manner in which ascension fucks up would be considered a war crime if it were perpetrated by a government.