Electronic patient records are back online at Ascension’s Florida health care facilities, nearly four weeks after a ransomware attack forced a systemwide shutdown.
Providers with Ascension Sacred Heart and Ascension St. Vincent's had been documenting patient care on paper since the network breech was discovered May 8.
On Tuesday, the two Florida affiliates announced that primary technology was restored, which will allow most hospital departments, physician offices and clinics to return to electronic documentation, charting and ordering systems.
“Patients should see improved efficiencies and wait times,” Gary Nevolis, a spokesman for Ascension Florida, said in a statement. “Our team continues to work tirelessly to restore other ancillary technology systems.”
St. Louis-based Ascension, which operates 140 hospitals in 19 states, has been working with cybersecurity partners to restore its entire network. Thus far, only the affiliates in Florida, Alabama and Austin, Texas, have electronic records up and running.
“Restoring electronic health record access has been among the top priorities of our recovery process,” a national Ascension spokesperson said in a Tuesday statement.
The spokesperson said the goal is retore electronic records companywide by June 14.
The health system said Ascension Rx retail, home delivery and specialty pharmacy sites are open, allowing providers to transmit prescriptions electronically to pharmacies, including Ascension Rx pharmacies.
Although the shutdown interrupted access to care at many Ascension locations – including emergency rooms – over the past month, Pensacola-based Sacred Heart and Jacksonville-based St. Vincent’s continued accepting patients.
After the hack was discovered, Ascension notified law enforcement as well as government partners, including the FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, Health Information Sharing and Analysis Center (H-ISAC) and American Hospital Association.
“While these are promising developments in our recovery efforts, our investigation into this incident remains ongoing, along with the remediation of additional systems,” the national spokesperson said. “This is a complex process, and it will still take time to complete.”
No suspects have been named in the cyberattack. Shortly after the hack, CNN cited sources in reporting the Russian-linked Black Basta group was possibly responsible. The same day, H-ISAC released a bulletin warning that Black Basta was accelerating attacks against the health care industry.
Cybersecurity experts say ransomware attacks have increased substantially in recent years, especially in the health care sector. Ransomware gangs steal data before activating malware that paralyzes networks. The threat of making stolen data public is used to extort payments.
Ascension, one the largest Catholic health systems in the country, said its electronic records and MyChart online patient portal went offline immediately after the cyberattack to prevent the automated spread of ransomware.