A ransomware attack on CommonSpirit, the second-largest nonprofit hospital chain in the US, caused overwhelmed emergency room nurses to take desperate measures, including calling 911 for help.
CommonSpirit operates more than 700 care sites and 142 hospitals in 21 states and is one of the largest non-profit hospital systems by revenue in the US.
Outages have occurred at CommonSpirit hospitals over the past week due to what was described initially as an “IT security issue.”
The non-profit confirmed this week that it suffered a ransomware attack, and reports revealed that the cyber incident led to delayed surgeries, hold-ups in patient care, diverted ambulances, and rescheduled doctor appointments across the US.
In a plea for help, a nurse at St. Michael Medical Center reportedly called 911 saying they were “drowning” in patients with too few healthcare professionals on hand to help everyone.
CommonSpirit issued a statement on Wednesday acknowledging the incident and assured those concerned that the organization took immediate steps to protect its systems, contain the incident, start an investigation, and ensure continuing care for its patients.
“Our facilities are following existing protocols for system outages, which includes taking certain systems offline, such as electronic health records,” CommonSpirit said in its statement. “We continue to conduct a thorough forensics investigation and review of our systems and will also seek to determine if there are any data impacts as part of that process.”
A person whose daughter is a nurse at a CommonSpirit hospital told reporters that the facility had patients on dialysis machines without current lab reports. IV medications coming from the pharmacy also had hand-written labels “without correct order information,” they said.
“Most of the nursing staff is unfamiliar with doing paper charting and handwritten information leads to errors,” the person added.
According to a study from the Ponemon institute, cyberattacks against hospitals directly lead to higher mortality rates.