Ascension — which has 14 hospitals in Illinois — postponing some elective surgeries, appointments after ‘cybersecurity incident’

Ascension — which has 14 hospitals in Illinois — postponing some elective surgeries, appointments after ‘cybersecurity incident’

Ascension is postponing some non-emergency elective surgeries, tests and appointments after a cyber security event at the health system, which has about 150 sites of care in Illinois, including 14 hospitals.

Ascension’s Illinois hospitals were still providing all patient care services as of Thursday afternoon, though some medical procedures have had to be rescheduled and there have been several IT service interruptions, said Ascension Illinois spokeswoman Olga Solares, in an email.

Ascension’s electronic health records and MyChart online patient portal systems were unavailable as of Thursday evening, as well as some phone systems and various systems for ordering certain tests, procedures and medications, Ascension said in a news release.

Some Ascension hospitals in other parts of the country were on “diversion” Thursday evening, meaning ambulances were being asked to take new patients to other hospitals. None of Ascension Illinois’ 14 hospitals, however, were on ambulance diversion as of Thursday evening, Solares said. Nationwide, Ascension has about 140 hospitals.

Ascension said in the news release that patients should bring notes to their appointments about their symptoms, medications and prescription numbers.

Ascension first “detected unusual activity on select technology network systems” on Wednesday, and has since determined there was a “cybersecurity incident,” the health system said.

“We are working around the clock with internal and external advisors to investigate, contain, and restore our systems following a thorough validation and screening process,” Ascension said in the news release. “Our investigation and restoration work will take time to complete, and we do not have a timeline for completion.”

Ascension said it’s investigating the situation including what information, if any, may have been compromised. If any individuals’ personal information has been potentially exposed, Ascension said it will notify and support those individuals. Ascension said it is working with Mandiant, a third party expert, to help with the investigation and remediation process.

The incident comes shortly after Lurie Children’s Hospital in Chicago dealt with its own cyberattack earlier this year. A group named Rhysida, an overseas ransomware operation, made claims related to that attack. Lurie took its phone, email and electronic medical record systems offline Jan. 31, after the cyberattack, and its hospital, outpatient centers and primary care offices were affected, making it more difficult for patients to reach providers. Lurie restored its systems in March.

It also follows a cybersecurity incident at Change Healthcare — a unit of UnitedHealth Group — in late February, which made it difficult for many providers to file health insurance claims.