(844) 627-8267
(844) 627-8267

“It is not safe.” Ascension nurses raising alarm during ransomware attack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Nurses at several Ascension hospitals in Michigan say they’re increasingly concerned their patients aren’t getting safe care, more than a week after a massive ransomware attack hit the health system.

Doctors and nurses at Ascension hospitals say they still don’t have access to patients’ electronic medical records — including their histories, medications, allergies, or real-time test results. Patients are going into elective surgeries before all their lab results have been completed, while blood and urine samples are getting lost in transit, medical staff said. Lab and imaging results that can indicate whether a patient is having a heart attack or a brain bleed are getting misplaced in the blizzard of paper constantly being spit out of fax machines, sometimes going to the wrong department or arriving nearly a week after being ordered.

Yet the volume of elective surgeries isn’t slowing down at hospitals like Ascension Providence in Rochester, said Dina Carlisle, president of OPEIU Local 40. The union represents registered nurses at Ascension Providence in Rochester and McLaren Macomb.

“This is a safety concern, and these nurses are worried sick over it,” Carlisle said Friday. “We care about our patients. We want to give the best possible care. And this is beyond a challenge that many have never seen.”

“I probably said 25 times [during my shift this week], ‘We should not be doing elective surgeries,’” said a nurse at Ascension Providence in Rochester, who works with surgical patients. (Michigan Public is not using the names of individual nurses or doctors at Ascension, because they haven’t been authorized to speak publicly about the cyberattack, and could face professional repercussions.) “When they’re elective, they can be rescheduled or taken to other hospitals. Patient safety is at risk.”

Fears about medication errors, missing test results 

Four nurses at two Ascension hospitals told Michigan Public they’re worried about losing their licenses or worse, failing to catch a medication error that could hurt or even kill a patient. “People have brought up RaDonda Vaught,” the nurse at Ascension Providence in Rochester said, referring to a former Tennessee nurse who was convicted of negligent homicide after mistakenly administering the wrong medication, which led to the patient’s death.

Normally, when a doctor orders a medication for a patient, it gets verified by the hospital’s pharmacy team, through an electronic system that reviews the patient’s medical records, tests, and labs, and issues alerts about any possible harmful drug interactions or risks. Once it’s approved, a nurse can then access it through a computerized medication dispenser on their unit, entering the patient’s information, the name of the medication, and using a system of barcodes that ensure the right medication is going to the right patient.

But now, Ascension nurses are being told to manually override that system, multiple nurses said — even though that’s known to increase the risk of medication errors and should only be done in “extreme emergencies,” according to the American Journal of Nursing

“You’ll have a physician write a paper order, and I take a paper order, I walk to the medication machine, I override everything. I’m the check. It doesn’t go to a pharmacist first. I’m the only check,” the nurse at Ascension Providence in Rochester said.

During a ransomware attack, hospitals “lose some of those technology-based safety features that are available in health systems in normal circumstances,” said John Clark, the associate chief pharmacy officer for the University of Michigan health system.

The most dangerous medications are those given via injection, usually to patients who’ve been admitted to the ICU, oncology or other inpatient units, he said. “And with injectable products, that’s where some of our biggest harms in [the] hospital can happen. For those reasons, we have technologies that help us make those products better by taking pictures, by taking the weight of the product before and after it’s made. … My biggest concern is, do we have the same level [of security] in place [during a ransomware attack] for things like injectable products, where that could slip through? Because to a nurse, everything looks like a clear liquid for the most part when it’s in an IV bag.”

A nurse at Ascension Borgess in Kalamazoo called the situation “an epic disaster.” Nurses there also have safety concerns about continuing elective surgeries because of the lack of access to patient medical information and significant delays in labs and tests.

And ER nurses say they’re also extremely uneasy. For instance: when patients arrive unconscious or unresponsive with a major head injury, they’ll likely need a CT scan. But without access to their medical records, nurses have no way to know if they’re allergic to the IV dye used during the scan — which, in very rare cases, can cause severe or even fatal reactions. An ER nurse at Ascension St. John in Detroit said she’s been asking hospital leaders if they should just premedicate people before CT scans in those situations.

“And if we administered something and they had a reaction, and god forbid it had the worst possible outcome, who do you think would be blamed for it?” the ER nurse said. “This is exactly how a RaDonda Vaught happens. You don’t have a way to scan your meds.”

Meanwhile, crucial labs, tests, and imaging results are regularly getting delayed or lost, nurses said. Without a shared, electronic system for sending and receiving results, everything has to be written down on paper, faxed to the labs or radiology department, and then hope the results find their way back to the right place — not a guarantee when the hospital is using Google sheets to track which patients are in the emergency room and where they are, nurses said.

“We took over for a patient in the morning and they were waiting for a CT scan,” the ER nurse at Ascension St. John said Friday. “It was a patient that really shouldn’t have waited. I called [the] x-ray [team, and they said], ‘Oh, we must have lost the order.’ I refaxed it, and called a few hours later. ‘Oh, well, the order came over on landscape orientation [rather than portrait] and we couldn’t read it.’ But nobody called [to tell me].”

Because Ascension St. John is the Level 1 trauma center on Detroit’s east side, “obviously if someone is having an absolute emergency, you want them to come somewhere close,” the ER nurse said. “But when I can’t find someone’s critical lab work or I don’t know if someone has a brain bleed … what good are we doing? At what point are we turning into patient harm?”

Ascension spokesperson: “Minimal to no interruption” to care

An Ascension spokesperson declined to answer questions about the nurses’ specific concerns regarding surgeries and medication errors. In a written statement, the company repeated assurances that patient safety is its “utmost priority” and urged patients to continue to show up for appointments unless instructed otherwise.

“Our dedicated doctors, nurses, and care teams are demonstrating incredible thoughtfulness and resilience” the spokesperson said in an email Friday referring patients to a website for updates. “Our care teams are well versed on dynamic situations and are appropriately trained to maintain high quality care during downtime. Our leadership, physicians, care teams, and associates are working to ensure patient care continues with minimal to no interruption.

Carlisle, the Local 40 president, said the union has communicated its concerns about the volume of surgeries to Ascension, with little response. “They’re vague and dismissive. That’s the nicest I can put it.”


Click Here For The Original Source.


National Cyber Security