Cyberattack forces Ascension hospitals in Michigan to reroute patients


Investigators are “working around the clock” to contain the breach and “restore our systems,” according to a statement by Ascension Thursday evening. “Our investigation and restoration work will take time to complete, and we do not have a timeline for completion.”

Ascension Michigan spokesperson Airielle Taylor said Friday the health system was “still detecting unusual activity.”


On Thursday, patients arriving at Ascension Macomb-Oakland Hospital were rerouted under a diversion protocol, Taylor said.

But such problems “fluctuated,” she said. Other locations were not under a diversion protocol, but it was not clear if that would change, she said.

She said patients are advised to “have your medications written down and have your symptoms written down.”

The problems began Wednesday when the St. Louis-based hospital system “detected unusual activity on select technology network systems,” determining it to be a “cybersecurity event,” according to a statement released early Thursday.

That included patient records on MyChart, which allows patients to see their records, schedule appointments and talk with providers.

Ascension advised that its business partners “temporarily suspend the connection to the Ascension environment” until further notice.

The chain on Thursday sought to reassure the public that Ascension staff “are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.”

to divert patients from some locations throughout the 140-hospital system to other hospitals. Ascension has hospitals in 19 states, including 15 in Michigan. It also operates 40 senior living facilities.

The Ascension breach is the latest from a “constant threat and attack” by cyberattackers, said one cybersecurity expert that works with Michigan hospitals.

“Because it’s an ecosystem in which information is shared, it’s a system that can be vulnerable” to attack, said Eric Eder, president of CyberForce|Q, which operates the Michigan Healthcare Security Operations Center and works with the Michigan Health & Hospital Association, an effort in which hospitals and health-care systems share information as quickly as possible during a breach.

Eder declined to comment on the attack on Ascension. But speaking in generalities, he said attacks on health care are usually sophisticated and well-coordinated among many individuals, using bots and other automated means to search out a system’s vulnerabilities.

“There’s this image of the hacker over a laptop in a hoodie,” he said. 

Rather, “it’s a more coordinated effort with a mix of automated systems and human actors.”

Ascension is working with Mandiant, a third-party cybersecurity firm and subsidiary of Google, to assist in the investigation, according to its statement early Thursday.

Hospital officials said they were trying to determine “what, if any” information had been breached.


Leave a Reply

Your email address will not be published. Required fields are marked *