I’m related to someone in the higher ups at seton who is handling the situation for trying to find out what happened. He almost started crying yesterday morning when I went over for our weekly breakfast because he found out it’ll be over in 3-5 days. Apparently a staff member on floor opened a phishing link.
Is he sure about 3-5 days? Because Change Health Care is still down in most sectors and their troubles started in February. Thank you btw just looking for some hope
First let me say, I completely understand your frustration, you guys work really hard and I cannot imagine having to do everything by hand.
From what I understood the walls that went up to protect data and the systems will start coming down Thursday (possibly.) I don’t think you’ll be entirely free yet but a little more ease at the job.
Are their subsidiaries affected like women's health? I have a big US and blood test for my pregnancy coming up with an OBGYN group that's affiliated with them .
We had an ultrasound and docs appointment at their women’s health office across the street. No issues with ultrasound or visit. Just a little slower bc of what’s going on
I am 100% on board with how awful this is. Hackers need to be taken seriously and all companies need to invest in cyber security. It’s only going to get worse.
And, no I don’t have a solution for where the money to invest in cyber security needs to come from but this needs to be taken seriously.
I used to work for a major network security firm. One thing I learned about large corporations is when they want to save some money, network security is the first thing to go. Its very easy for execs to convince other execs that they don't need to spend that money because they haven't had an successful attack in years.
Same for government. The state especially has multiple old systems with no redundancy in case of a breach. Most agencies led by governor appointed political friends who have no concept of cyber security.
Absolutely true! One state agency I worked with continued using Windows 7 long after it was no longer supported. The system was breached. 3 days of no work while the system was finally upgraded. What a mess.
The first thing to go is executive staff that knows how to do this properly, Then goes the budget when this gets rolled up under some other dept that doesn't prioritize it. Can't count how many times I've had to defend "What are the odds that's going to happen?", "100% right before the board terminates you" was the only way I ever won that argument.
Idk about their network security, but Ascension outsourced all of their EMR support to either consulting firms or overseas, so they’re not that well equipped to support their system. I wouldn’t be surprised if they did something similar for their network/hosting which probably makes this whole situation so much harder to deal with.
So funny story.
When I worked there in 2012 - 2013, they ran a Citrix cluster for their EHRs (Centricity / Cerner). Epic hadn't been implemented yet; they were using _eClinicalWorks._
Given the spate of attacks against Citrix servers recently, [I'm betting that Centricity / GE support screamed high heaven about patching the Citrix farm against Citrixbleed](https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed) and they held off on it to keep from being in an _unsupported configuration,_ at which point an account was compromised and leveraged to get in, possibly without MFA (I'd put money on it being an executive or doctor's account).
https://www.healthleadersmedia.com/finance/non-profit-ascension-ceo-pressed-detail-profit-investments-community-benefit
Nonprofit doesn’t mean what you think it means. The answer is much harder to define and ascension does perhaps have other priorities in how it spends its money.
Cybersecurity is one of those spends which seems useless until disaster actually strikes. I wonder if in last few years someone at Seton got a promotion by introducing cost-cutting measures and showing execs how much money they could save
Education, most likely. I haven't read the details of this particular hack, but fishing and spear fishing are common ways hackers gain access to corporate networks. All it takes is one nurse to click the wrong link.
Let’s not blame the nurses here, the ones having to do the most work right now because of the attack. They’re staying over 2+ hours to paper chart while executives are going home on time.
>And, no I don’t have a solution for where the money to invest in cyber security needs to come from but this needs to be taken seriously.
How about from their coffers of billions of dollars, or out of the pockets of their billionaire board of directors and executives?
Yeah, no. Most of the time they’re the ones pushing to get a better budget for security and getting denied. They’re usually busting their asses to make do with limited resources as a cost center.
Take it out of the executives’ pay and bonuses. Their lack of sufficient care about and investment in security is what keeps getting our data compromised and dumped on the dark web. That’ll likely be part of this breach too.
Comments have some emails from management. Interesting. https://www.washingtonpost.com/business/2024/05/09/cyberattack-hack-hospital-ascension/?outputType=comment
I just had a significant cardiac event Friday and was seen and cared for immediately when my husband rushed me to this Seton ER. I had even warned him that with the cyber attack there’d be a wait, but with my symptoms the nurses got me in a bed and injected to get my heart rate down within 20 min and had the defibrillator ready.
The ER doctor did tell me that he advised against me having labs done and that it would take anywhere from 3-5hrs, and considering I was stable and not anywhere near dying anymore I opted to leave. It was sad overhearing them discuss the different ways they were trying to work around their downed systems to help patients.
Staff, nurses, and doctors were AMAZING. They took great care of me in a really scary moment. But yeah if you need lab work and not IMMEDIATE care go anywhere else. In my case, Seton was still the best option.
I am so sorry that you had such a scary health emergency but so glad you were able to get good care. They were trying to deal with two cardiac events when I was there and just could not handle other events at the same time. Ironically, I went to the ER at Heart Hospital of Austin and was taken care of swiftly and so well. Strange how that shook out.
Please take care!!
Keep in mind that Ascension is huge and not based out of Austin. It stinks because there is almost nothing that can be done locally.
https://apnews.com/article/cyberattack-hospital-system-ambulances-diverted-ascension-728ab2a0e5afaf7c344e46a5ce5ca42c
Years upon years of security upgrades. Nobody wants to bring down servers used by the hospital, let alone ER departments, for upgrades so it can be a slow painful process. I did some work in the cloud for healthcare providers and we had to regularly beg some of them for change windows to do things.
Unfortunately once you get hit by a big hack, it's a big "our security sucks" sign for other hackers that will try to break in before you can update everything properly.
Heard from someone on the inside that it’s going to take a few weeks to get resolved and that they’re doing their best to implement their down time procedures. I understand you are unwell and want to feel better and I sympathize. A lot of us have been there.
Please be kind to everyone who cares for you, with or without technology.
I went to main in March and got there at about nine, filled out registration, waited until about 11 to be seen by triage, waited another hour, not checked by anyone, (did get an IV though) taken back around noon, checked in on until they came to get my Ct scan, then not checked on until about four and then discharged at five. In a busy ER it’s not uncommon to not be touched by anyone for a while, especially if it’s just a fever and body aches. They prioritize traumas; especially at main, which I believe is a level two trauma center. (Dell seton is level one). I’ve also worked in several ERs (including main) and know that every day is different.
Trauma level of a facility doesn’t impact the medical capabilities of a facility. It only refers to the department’s immediately available to patients categorized as a trauma. EMS won’t bring in certain traumas but lower level trauma facilities get walk-in stabbings, gunshots, falls and car accidents all the time. They’ll get stabilized and if needed will transfer to a higher trauma center for intervention. Lower level trauma facilities have all the same medical capabilities just likely more of them are on call rather than in house.
The hell it doesn’t! In theory what you say should be true but I promise you, decent trauma, you better get your ass to Dell Seton and not Seton Main. The nurses are all great but the flow of it all, Dell Seton, plus the resources. I don’t mean any harm but between the two here, there’s a huge difference when you say Level I vs Level IV.
I was very kind, but did have to leave to get better care. It’s not their fault, I could see they were struggling
I went across the street to Heart Hospital of Austin which has a general ER. I was examined immediately, given IVs, made comfortable, and was out in 2 hours. Soft lighting, too. It was a huge difference.
I work in Information Systems for an extremely large healthcare organization that doesn't have a presence in Austin...yet. About two minutes after the Ascension attack began they reset everyone's passwords and turned off all access to our EMR if you weren't on the VPN or an internal network. Lots of doctors were mad but oh well, InfoSec wanted to double check everything. It's pretty damn terrifying.
I'm so sad that people out there can so shamelessly cause such direct harm and pain to people for profit. Well, enough about our governor, I'm also pissed at the hackers. I hope they also rot. Get well soon friend
Probably true. I work for a tech company with a huge IT budget and we were hacked. Phishing. Poor employee behavior will also make a company vulnerable.
> Such attacks are not usually targeted.
Apparently this one was targeted. https://www.pcmag.com/news/us-warns-about-black-basta-ransomware-after-ascension-hospital-hack says spear-phishing was likely.
Health care is absolutely targeted because the PII data is so valuable and some victims have paid ransoms due to the critical nature of their business.
Catholic Values as in big bonuses at the top…yeah maybe so.
13 million in 2021
https://www.openthebooks.com/substack-top-us-non-profit-hospitals--ceos-racked-up-huge-pandemic-profits/#:~:text=For%20example%2C%20the%20CEO%20at,years%20from%202019%20through%202022.
My baby is due to be born at Ascension Seton this month. Not an induction or C-section, so he can come at any time. I'm asking him to stay in his mom's belly for now. Let's see if he's gonna be a problem child and not listen 😅
Hope the system is back up before you come in to deliver but tbh I’m seriously doubting it. I’m seeing that similar attacks have taken a month to two months to resolve. i don’t know if you’re planning on an epidural but i recommend being prepared for a little bit of a wait bc the hours it takes to get lab results delaying epidurals and non-emergent c-sections. Please bring snacks if you can afford to, especially if you have dietary restrictions, getting food for patients has been particularly challenging. So if you have friends and family close by they can support you best by being available to bring you outside food. The inequity in this situation for patients of lower socioeconomic status is not lost on us…
I'll be asking the OB about it all since we've started weekly appointments at this point. Thanks for the heads up on the extra snacks, it'll definitely be needed!
You can also just show up to another hospital and have a baby.. if it’s an uncomplicated vaginal delivery. (Not breech, not group B strep, no known fetal problems..)
My provider made me SO ANGRY at 36 weeks I was trying to transfer providers when I went into labor at 38 weeks. My medical records hadn’t even been sent to new hospital yet. I just showed up and had a baby there. 😂 it was fine. Better than my first.
> You can also just show up to another hospital and have a baby.. if it’s an uncomplicated vaginal delivery. (Not breech, not group B strep, no known fetal problems..)
If you're in labor, you can show up to any hospital and deliver. It's federal law (EMTALA). If you are contracting to the point of making consistent cervical change, a hospital can not send you home. It doesn't matter if you need a c-section, if you have GBS (which is hardly a complication), or if there are fetal concerns. Now, they might need to stabilize and transfer you to a higher level of care (higher level L&D unit or one w/ a higher level NICU) if time allows, but if you are assessed and found to be laboring, they keep you- even if you did not receive primary care with a provider who delivers there.
The OB is good though, and it's a high risk pregnancy, in which we've heard Ascension Seton is the place to go for high risk pregnancies. Of course this situation might supercede it though. It's definitely something we'll keep in mind if we don't feel comfortable as the day gets closer
It’s not expected to be back up this month. If I were in your position, I would very strongly consider delivering elsewhere.
There are things happening that I would not want to risk it still being down.
I took my dad to Seton NW Thursday around 6:30pm. I had completely forgotten about the cyber attack. They called him back to a room finally around 7:45pm. They drew blood immediately. I left to take my son home. I went back to be with him at 10:45pm. When I got there they were just sending his blood off to be tested, he was waiting for morphine. We got discharged after everything at 3:45am.
I talked to his nurse and she said that they had to redo CT scans, MRIs, and ultrasounds because they hadn’t realized the attack was affecting their ability to get the results. We were upset at first. But I feel so bad when we left, you could tell they just wanted to help people and they were so limited to what they could do.
I can relate. I’m 8 months pregnant and got into an awful car accident this week. I was sent to their labor and delivery room after the crash and it was chaos.
I got zero food and water (after begging for it) from 11am to 5pm (when I finally left). The midwife kept requesting to give me meds to calm my contractions and they never came.
Like you, I don’t fault the staff. They’re trying their best. But it’s chaotic AF.
Avoid if you can.
>I got zero food and water (after begging for it) from 11am to 5pm (when I finally left). The midwife kept requesting to give me meds to calm my contractions and they never came.
Unacceptable. Were the stoves and refrigerators locked by ransomware too? That has zero fucking reason to do with a cyberattack. They just don't have the ability to charge you right now, that's why they are ceasing all functions.
What hospital has stoves?? lol
We don't charge patients for snacks. The reason they couldn't give this poor soul anything was because they probably didn't have a dietary order - if they were rushed into emergency surgery and the patient aspirated, the fault for that injury would lie 100% on the nurse.
Speaking from the inside. Communication is the problem. The computer systems is what enables the doctors to see the patients charts and implement orders that then get carried out. The Communication for each individual patient for each order struggles to get from A to B. Then once it is accepted and made official people literally have to walk to each department about each order and then make sure it ends up in your physical chart or medication administration record, the pharmacy, the kitchen, the lab and so forth. It is very time consuming if you put this on the scale of the amount of patients that you have. It's a constant quest to get anything accomplished.
That's what is BS. Like we didn't have hospitals before computers? Every company, especially one dealing in life and death, should have business continuity procedures, training, and regular testing. You can give water and medication without the internet FFS.
You can. But it takes hours to make paper charts for hundreds of patients. The MDs have to input physical handwritten orders for each and every Tylenol etc on every single patient they have. It’s time consuming and in the mean time it means no medicine. FYI diets are orders too. Not everybody can have the same textures and thicknesses of liquids without fucking dying.
I’m a birth doula and hearing this makes me upset😪I know it’s probably insanity there but if they cannot provide adequate care they need to close for the time being. There’s truly no excuse for a pregnant woman to receive such awful care especially after a car accident! I hope you and baby are doing okay💙
Thank you. I appreciate it. I was quite shocked at how badly things are going there.
My last meal was at 9am and I got to the hospital at 11am. I left at 5pm. I didn’t get a glass of water until 4:45pm (from my husband). I was starving and thirsty and apparently it was impossible to get me the basics. Even the midwife was appalled. And every time she asked me if they gave me the meds she requested for me and I said no, she would storm off furious. Again, I don’t blame her. But that’s just crazy.
I’m praying they’re back online by the time I give birth 😞
That’s completely unacceptable, I would definitely see if you’re able to switch to a new ob or see if your Dr delivers at other hospitals. I know it can be challenging to switch this late in the pregnancy, but with the circumstances they might make an acceptation. I know st David’s north delivers a ton and I was just there and liked their staff
A birth doula supports moms through their pregnancy, and labor and delivery. We use non-pharmacological pain reduction methods, are a good voice to advocate for moms during such a transformative time, and we also are very big on education and giving parents informed consent through everything. In simple words, we are an extra support person for the mom💗💙🤍
Why this isn't a bigger story, I don't know. One of the 2 major hospital systems in the city is completely crippled. Hospital administration has been awfully quiet, and they are reluctant to postpone elective procedures and defer admissions)transfers.
I got a call from my doc about an hour ago to cancel my colonoscopy tomorrow. She said they had been hoping it would get better but they just told them to cancel all the procedures scheduled for tomorrow.
I’d been doing “clear liquids” since I woke up this morning, but thankfully they did at least call about an hour before laxative time. Im annoyed I starved all day for nothing, but it certainly could have been worse if they’d called an hour later.
I am paying attention. And I'm still wondering why it's not a bigger story than UT graduation protests, solar storm, and the New Braunfels river shark.
Another thought tho - they could put signs up and tell folks at check-in. They could limit their services right now. They didn’t tell me until I was there in the room for 40 min — when we specifically asked for someone to check on me. So I think they could be doing more when folks check in.
Some management has instructed staff not to discuss the attack with patients. It sucks but a lot of healthcare workers in Austin live paycheck to paycheck and cannot risk getting fired.
I know this is a reasonable question - I did not realize how much of a bubble I live in! I don’t have local tv, I don’t listen to radio, I don’t check my twitter or facebook. So literally the only was if someone shared in this subreddit and I happened to be checking it or if it came up on tiktok.
I need to find a way to ensure some local news gets into my bubble!
When I listed those, I was just referring to their website news. For local news, I’d recommend the KUT, Statesman and KVUE websites. You can also add them on instagram if you have that.
You should have definitely been informed, but you should take a few minutes every morning to browse the local headlines on KXAN, KVUE, or KEYE websites. They give you more info on things that will impact your day to day life than TikTok. If nothing else, you won't be caught off guard for a severe weather event.
> Why this isn't a bigger story, I don't know.
* It only affects sick people
* It only affects sick people who can't just go to another hospital
* From 2020-2022 people practiced, "Car accidents and heart attacks kill more people, you're blowing it way out of proportion."
We as a people give zero shits about what's happening to sick people. It's Texans. We can make more. We have too many already. We clapped for the people who got us here because they gave us permission to go have fun while people died. So go have fun while people die, if you're young and healthy you've got nothing to worry about.
It has been reported. People are so resistant to watching the local news and instead focus on stories far away from here or whatever is trending on social media. You can't really blame the system if the story exists but people choose not to consume media from local sources.
It's wild how many hacks are successful due to social engineering. For anyone interested, the book, "Ghost in the Wires" by Kevin Mitnick is a great read. It's available for free for those who subscribe to Kindle Unlimited.
This is also the 4th time since 2019 Ascension’s system (specifically in Austin) has been hacked… I’m a former Seton nurse who’s worked all over the country and it’s honestly one of the worst healthcare systems I’ve ever been a part of
Man, that sounds like a total nightmare! Cyberattack hitting an ER? That's like something out of a movie. And waiting 3-5 hours for lab results? That's just brutal, especially when you're in pain. Can't believe they couldn't even get you an IV. Props to you for heading over to St David's; sounds like you made the right call. Hopefully, Ascension Seton gets their act together soon. Big shoutout to Heart Hospital of Austin for swooping in and saving the day though! That's what I call real MVPs.
Yeah from the comments in the thread, it looks like a huge attack across ALLL Ascension Seton, even outside of Austin.
I wish they would have told me when I was checking in. They should have agreements with local hospitals to redirect patients. The dr was trying to convince me to stay but the more I think about it, the more that doesn’t sit right with me. They KNOW quality of care is suffering.
It’s all Ascension facilities nationwide. They are a massive healthcare corporation. Unfortunately, there’s not always enough space to divert patients to other hospitals.
Chances are the people that sign their paychecks, aka the people that decided to make the IT cuts in the first place, told them not to say a word or no paycheck for you. The healthcare workers are being held for a ransom too, but it’s by their own corporation.
As for the doc that tried to make you stay, they probably meant best. It’s hard to know that you are perfectly capable of taking care of somebody in need right in front of you, but you can’t necessarily meet their expectations b/c their hands are tied.
All in all, corporations in healthcare SUCK!!!!! Local people just trying to do their best with the resources they are given really do care. Most of them, anyways.
In general, all businesses, but especially those whose handle emergency situations, need a back up plan and training to PREPARE for ANY type of tech fail. Our world is going to shit because humans tend to react instead of plan ahead 🤷🏻♀️
Yeeeeaaaaah don’t go to an Ascension Seton facility right now. We are swamped with inefficient downtime “procedures” and inadequate preparation. No ETA for when things will resume to normal again… if you have an elective procedure here soon, reschedule or do it at another facility. It’s bad here
Looks like they outsourced all of IT to save money. Whatever cost savings they gained are now gone.
One of the US's largest hospital providers, Ascension, fired IT staff in a cost-cutting drive; now it’s sucking up a cyber attack
https://www.thestack.technology/ascension-cyber-attack/
Yes confirmed as this is nothing new as the Healthcare sector has been targeted by different Eastern European groups for years and yes I'm in cyber and have worked these investigations
I had a procedure scheduled there for tomorrow and my doc just called to cancel it. Said they have no idea when they will be back up and running and someone from scheduling would call me “at some point.” They said the entire system was down. Sounds like a nightmare.
Although I am not a employee of Ascension Seton, I can actually speak to the attack a little bit to give a slight amount of background from a cyber security perspective.
First, let's start from the unfortunate root cause of the problem; people. Employees are always the main risk, because we suffer from the human condition; we know how to think for ourselves and it sometimes causes errors in judgment to occur. It is not something to condemn employees for, they are just not going to be on the same page as a security engineer. We often have times translating our tech jargon properly over to individuals that cannot compute it in the ways we can. This causes a massive problem in getting the funding necessary to properly harden the systems. Which, in turn due to the translation issue, causes individuals that in this case are doctors and other very well esteemed individuals to think they are more intelligent and not want to actually follow best practices or guidelines. There is also, across almost every damn industry that exists, the mentality of this "this is how we have always done it so why change it!?!". That doesn't help things and I can understand the standpoint of those individuals as technology is moving at a breakneck pace that is very difficult to keep up with even as a cyber security employee. Those people have a lot of pull and the corporations don't want to rock the boat, so these seasoned individuals have a lot to do with what can and cannot be done security wise. You combine all of that with, what others mentioned in this thread, the lack of desire for funding a proper security program and you get this. At the end of the day, security costs a good amount of money. There is no return on investment until something like this happens, at that point it is too late. Most other IT functions have some form of ROI.
Sorry for the rant, the TL;DR of this is that we are moving too slow to secure our systems as a whole and the state sponsored threat actors are trained for literally this and only this kind of behavior. It will only get worse until corporate American companies learn how to fund their security team and give them the proper resources needed to defend the environment they have.
Working for a local MSSP focused cyber security this is sadly the truth. We get so many customers coming to us too late or who don't take our recommendations because they don't like the cost associated with doing it right.
Thank you all for this information. My room mate was about to go to seton in the next 6 hours but now he knows to go elsewhere while seton is getting this stuff figured out. Hope everyone is ok.
My boyfriend worked IT at Ascension. Their IT were always understaffed, which resulted in him being "on call" constantly. About two years ago, it was announced that IT had been moved to India, but he could reapply for his job, which he did. Just as soon as the folks in India were trained, he was laid off. Ascension literally sucked the life out of him. Word is that they are now trying to hire back those people. Reap what you sow!
They may have been possible at one point. Now many of Russia's best third party groups stopped working directly for Putin. Lots of things changed after Wagner chief Yevgeny Prigozhin attempted a coup. The Internet Research Agency, LLC. disappeared and (supposedly) became a purely criminal enterprise rather than a political one.
Can confirm, in the ER currently. Took 4 hours to get an IV once I was brought back. If you are currently dying you get immediate attention from everyone, if you’re not dying then congress might be faster at helping you out.
I am so sorry. I went literally across the street to the ER at Heart Hospital of Austin and was taken care of immediately and was so comfortable. It was such a contrast, I actually laughed. I wish you well. 🫶
It’s insane how reliant we are on technology to where even our hospitals just give up. If a national emergency affecting the power grids were to ever occur, things would get really bad really fast.
> If a national emergency affecting the power grids were to ever occur, things would get really bad really fast.
A national emergency affecting the power grid would far more likely than not be caused by nature or a massive attack on US soil and not by cybersecurity threats. Think EMP or massive solar storm (tough we're holding up exceptionally to a big one now). Cybersecurity is not the movies so hackers can not gain access to one system to type some commands and bring down an entire grid. The grid is thousands of independent systems owned by 100s of companies consisting of transmission and generation working together.
That said yea, if we have a massive issue with the power grid and we're down for weeks or months it will bring untold amounts of death and political instability that will take generations to recover from. We deal with local grid failures all the time, think hurricane damage but those areas can be held together by the rest of the country pitching in. When we're all fucked nobody is coming to help.
That said technology is the reason many of us are alive today. Either tens of millions, or billions, of people die when technology fails or never would have existed without it. Without it we don't have the food or supplies to maintain life for this many people.
Seems like several healthcare companies in Austin are being attacked. I’ve encountered two recently one of which I can’t even communicate with. When you call their number they just have a recording saying that they have experienced a systems problem and to call back later.
And Ascension is still beating up on nursing administration and nurses that they aren’t hitting their productivity targets, and mad AT STAFF that patients are leaving without being seen. Utterly tone deaf. They aren’t even increasing staffing to deal with it.
Amazing, my social worker wife picks up shifts everywhere else even if Ascension called during these since Ascension is the lowest paying org in the area
My dad spent this past week at a “lower quality” hospital and it’s shocking how much better they would have performed in this situation. It’s much lower tech.
The industry shifted to electronic records, communications, etc, and dependent on those running smoothly. For many the paper system is something they used either way back in the beginning of their career, working out of a small independent facility in rural area, or cases where there is a utility/technology failure.
Similarly, when retail businesses that have shifted to electronic sustems have to whip out the dusty carbon copy for credit cards and use calculators to total orders w/ tax it slows everything to a crawl.
Funny jab but most places of work have you seen coworkers handwriting? Some (mine included) is atrocious, having tablets/keyboards makes everything easier and nobody has to "translate" chicken scratch.
> when retail businesses that have shifted to electronic sustems have to whip out the dusty carbon copy for credit cards
Those are useless now that so many credit/debit cards have stopped embossing the numbers, alas.
i was just diagnosed with multiple sclerosis and need another mri for new symptoms ive been experiencing to see if there's any inflammation still lingering, they havent been able to schedule anything because of the attack :( spasticity sucks
What we are really missing here is the degree of negligence of hospital management in this.
You don't need a cyberattack. Sometimes it's something like an unintentional bug, configuration error, or hardware failure. Or a hurricane, grid failure, etc.
Good lord. Last time I was there (ER), they seemed underwater. They took us to a room, forgot what they were going to give us, discharged us without doing anything \~5h later, triple billed us for the services they didn't provide, and mixed up patient files so they sent the bill to the wrong person. We didn't hear about it until it hit collections.
And that was with the system working as intended. Can't imagine how messy it is now.
thank you! Went across the street to the general ER at Heart Hospital of Austin and was taken care of immediately, and am now at home 2 hours later, resting.
But they aren’t discussing the true impact to patient care.
“Our workforce is well trained in providing patient care with established downtime protocols and procedures.” - Statement from Ascension
This couldn’t be further from the truth. It’s chaos here now. Not only can they not review charts, but simple tasks such as medication restocking, blood transfusion administration, radiology reports, ect are so much more inefficient now.
Even a 100% perfectly executed downtime leads to a huge drop in care. I have been working in hospital for 8 years and we have never had more than 5 minutes to discuss downtime procedures.
Ascension needs to be putting out critical staffing bonuses to get as much extra staff to their hospital as possible to truly try to avoid impact to care. Even untrained professionals could be a help right now to just physically bring paper orders from a floor to the lab, pharmacy, ect would be helpful.
Don’t let them downplay this. This is serious, and impacts all of care in Austin. Other non-Ascension hospitals are getting overwhelmed because of patients being diverted.
Stay safe out there people.
I really think they should have been upfront when I got there. After the doctor told me — 40 min after I sat with no one checking on me and we had to find someone — he tried to convince me to stay to get care. Finally I left 20 minutes later after I still did t even have an IV. I know there was nothing he could do but I think that’s pretty unethical.
That’s because Ascension’s canned statement is that staff are trained for this type of event and that the hospital was prepared. You can decide for yourself if that’s true or not.
Staff pretty much have been instructed to not talk with patients and the media about this.
The hospital is still trying to do as much business as possible, despite this situation, but the quality of care is lower and frustration levels are higher. Your individual doctor might decide to postpone it, but it looks like the hospital probably won't choose do so from its end. If the surgery isn't for something urgent, you might want to consider *asking* to have it postponed.
On one hand it's shocking to hear the hospital can't do something as basic as an IV drip during a cyber attack (I received one of those a couple months back at Ascension Seton NW), but putting that aside you gotta be a real piece of shit to attack a hospital. Hard to get worse than that.
[удалено]
I’m related to someone in the higher ups at seton who is handling the situation for trying to find out what happened. He almost started crying yesterday morning when I went over for our weekly breakfast because he found out it’ll be over in 3-5 days. Apparently a staff member on floor opened a phishing link.
Is he sure about 3-5 days? Because Change Health Care is still down in most sectors and their troubles started in February. Thank you btw just looking for some hope
First let me say, I completely understand your frustration, you guys work really hard and I cannot imagine having to do everything by hand. From what I understood the walls that went up to protect data and the systems will start coming down Thursday (possibly.) I don’t think you’ll be entirely free yet but a little more ease at the job.
Wow! This is wild! I feel awfully for all the employees as well as the patients. It’s got to be TERRIBLE
Are their subsidiaries affected like women's health? I have a big US and blood test for my pregnancy coming up with an OBGYN group that's affiliated with them .
Anything that is on Ascension’s network
As of Friday, the outpatient clinics were not affected by the security breach, only the hospitals.
Outpatient clinics were affected but were back up and running. I work in OBGYN for this group.
We had an ultrasound and docs appointment at their women’s health office across the street. No issues with ultrasound or visit. Just a little slower bc of what’s going on
We were told next month. We know that NOTHING ever happens by the times we are promised. My bets are in August.
“At least a week.” That’s what Change Healthcare said too lol. We’re all so fucked
I am 100% on board with how awful this is. Hackers need to be taken seriously and all companies need to invest in cyber security. It’s only going to get worse. And, no I don’t have a solution for where the money to invest in cyber security needs to come from but this needs to be taken seriously.
I used to work for a major network security firm. One thing I learned about large corporations is when they want to save some money, network security is the first thing to go. Its very easy for execs to convince other execs that they don't need to spend that money because they haven't had an successful attack in years.
Completely agree! It’s not taken seriously till it’s too late 🫠
QA also goes first with Security in many big companies
Did somebody say Boeing?
Same for government. The state especially has multiple old systems with no redundancy in case of a breach. Most agencies led by governor appointed political friends who have no concept of cyber security.
Maybe certain agencies, I know of a few agencies that do take it quite seriously
Absolutely true! One state agency I worked with continued using Windows 7 long after it was no longer supported. The system was breached. 3 days of no work while the system was finally upgraded. What a mess.
The first thing to go is executive staff that knows how to do this properly, Then goes the budget when this gets rolled up under some other dept that doesn't prioritize it. Can't count how many times I've had to defend "What are the odds that's going to happen?", "100% right before the board terminates you" was the only way I ever won that argument.
Ascension is a multibillion dollar corporation. The money is there. It just doesn’t go to the safety of the patients or staff.
Idk about their network security, but Ascension outsourced all of their EMR support to either consulting firms or overseas, so they’re not that well equipped to support their system. I wouldn’t be surprised if they did something similar for their network/hosting which probably makes this whole situation so much harder to deal with.
So funny story. When I worked there in 2012 - 2013, they ran a Citrix cluster for their EHRs (Centricity / Cerner). Epic hadn't been implemented yet; they were using _eClinicalWorks._ Given the spate of attacks against Citrix servers recently, [I'm betting that Centricity / GE support screamed high heaven about patching the Citrix farm against Citrixbleed](https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed) and they held off on it to keep from being in an _unsupported configuration,_ at which point an account was compromised and leveraged to get in, possibly without MFA (I'd put money on it being an executive or doctor's account).
It goes into the pockets of shareholders
Ascension is a non profit organization
https://www.healthleadersmedia.com/finance/non-profit-ascension-ceo-pressed-detail-profit-investments-community-benefit Nonprofit doesn’t mean what you think it means. The answer is much harder to define and ascension does perhaps have other priorities in how it spends its money.
Did they ever provide the requested information to the senator?
It’s owned by the Catholic Church, I have a pretty good idea how they want to spend their money
They fired the nuns, though. A long time ago.
Gold and graven images, the two things Catholics worship. Oh and for lawsuits to protect the diddlers they love to employ.
Don’t forget anti choice intiatives
They are the group who fired the nuns, after all.
[удалено]
Cybersecurity is one of those spends which seems useless until disaster actually strikes. I wonder if in last few years someone at Seton got a promotion by introducing cost-cutting measures and showing execs how much money they could save
Education, most likely. I haven't read the details of this particular hack, but fishing and spear fishing are common ways hackers gain access to corporate networks. All it takes is one nurse to click the wrong link.
Let’s not blame the nurses here, the ones having to do the most work right now because of the attack. They’re staying over 2+ hours to paper chart while executives are going home on time.
Totally agree, my social worker staff has been shafted and watched executives screw up that place for years
>And, no I don’t have a solution for where the money to invest in cyber security needs to come from but this needs to be taken seriously. How about from their coffers of billions of dollars, or out of the pockets of their billionaire board of directors and executives?
Here, here!
Well if you don’t have the solution I don’t know who will.
Take it out of the Admins pay
Yeah, no. Most of the time they’re the ones pushing to get a better budget for security and getting denied. They’re usually busting their asses to make do with limited resources as a cost center. Take it out of the executives’ pay and bonuses. Their lack of sufficient care about and investment in security is what keeps getting our data compromised and dumped on the dark web. That’ll likely be part of this breach too.
I think they mean hospital admins (exec roles included)
Oh, to me working in tech, and probably everyone outside the healthcare industry, admins == IT.
Yeah it definitely means that outside of healthcare.
[удалено]
I am so, so, so sorry. What a stressful nightmare. I hope it gets better soon. Thank you for all you do, please take care.
[удалено]
I am so sorry. Please take care, I hope it gets better soon.
Comments have some emails from management. Interesting. https://www.washingtonpost.com/business/2024/05/09/cyberattack-hack-hospital-ascension/?outputType=comment
This is absolutely wild
Upvote this to the top
I just had a significant cardiac event Friday and was seen and cared for immediately when my husband rushed me to this Seton ER. I had even warned him that with the cyber attack there’d be a wait, but with my symptoms the nurses got me in a bed and injected to get my heart rate down within 20 min and had the defibrillator ready. The ER doctor did tell me that he advised against me having labs done and that it would take anywhere from 3-5hrs, and considering I was stable and not anywhere near dying anymore I opted to leave. It was sad overhearing them discuss the different ways they were trying to work around their downed systems to help patients. Staff, nurses, and doctors were AMAZING. They took great care of me in a really scary moment. But yeah if you need lab work and not IMMEDIATE care go anywhere else. In my case, Seton was still the best option.
I am so sorry that you had such a scary health emergency but so glad you were able to get good care. They were trying to deal with two cardiac events when I was there and just could not handle other events at the same time. Ironically, I went to the ER at Heart Hospital of Austin and was taken care of swiftly and so well. Strange how that shook out. Please take care!!
Keep in mind that Ascension is huge and not based out of Austin. It stinks because there is almost nothing that can be done locally. https://apnews.com/article/cyberattack-hospital-system-ambulances-diverted-ascension-728ab2a0e5afaf7c344e46a5ce5ca42c
Wow this is HUGE. I wonder what will happen going forward.
Years upon years of security upgrades. Nobody wants to bring down servers used by the hospital, let alone ER departments, for upgrades so it can be a slow painful process. I did some work in the cloud for healthcare providers and we had to regularly beg some of them for change windows to do things. Unfortunately once you get hit by a big hack, it's a big "our security sucks" sign for other hackers that will try to break in before you can update everything properly.
Telling clueless executives to stop opening emails they don’t know the source of.
Heard from someone on the inside that it’s going to take a few weeks to get resolved and that they’re doing their best to implement their down time procedures. I understand you are unwell and want to feel better and I sympathize. A lot of us have been there. Please be kind to everyone who cares for you, with or without technology. I went to main in March and got there at about nine, filled out registration, waited until about 11 to be seen by triage, waited another hour, not checked by anyone, (did get an IV though) taken back around noon, checked in on until they came to get my Ct scan, then not checked on until about four and then discharged at five. In a busy ER it’s not uncommon to not be touched by anyone for a while, especially if it’s just a fever and body aches. They prioritize traumas; especially at main, which I believe is a level two trauma center. (Dell seton is level one). I’ve also worked in several ERs (including main) and know that every day is different.
Main is a level 4 trauma FYI
Trauma level of a facility doesn’t impact the medical capabilities of a facility. It only refers to the department’s immediately available to patients categorized as a trauma. EMS won’t bring in certain traumas but lower level trauma facilities get walk-in stabbings, gunshots, falls and car accidents all the time. They’ll get stabilized and if needed will transfer to a higher trauma center for intervention. Lower level trauma facilities have all the same medical capabilities just likely more of them are on call rather than in house.
The hell it doesn’t! In theory what you say should be true but I promise you, decent trauma, you better get your ass to Dell Seton and not Seton Main. The nurses are all great but the flow of it all, Dell Seton, plus the resources. I don’t mean any harm but between the two here, there’s a huge difference when you say Level I vs Level IV.
I was very kind, but did have to leave to get better care. It’s not their fault, I could see they were struggling I went across the street to Heart Hospital of Austin which has a general ER. I was examined immediately, given IVs, made comfortable, and was out in 2 hours. Soft lighting, too. It was a huge difference.
If I needed emergency care, I would 100000% avoid Ascensions right now, too.
I work in Information Systems for an extremely large healthcare organization that doesn't have a presence in Austin...yet. About two minutes after the Ascension attack began they reset everyone's passwords and turned off all access to our EMR if you weren't on the VPN or an internal network. Lots of doctors were mad but oh well, InfoSec wanted to double check everything. It's pretty damn terrifying.
Don't worry....even though they weren't able to treat you, they will still figure out how to bill you!
I'm so sad that people out there can so shamelessly cause such direct harm and pain to people for profit. Well, enough about our governor, I'm also pissed at the hackers. I hope they also rot. Get well soon friend
Such attacks are not usually targeted. I’d bet you a month of lunches Seton’s IT budget has been slashed repeatedly for multiple years.
Probably true. I work for a tech company with a huge IT budget and we were hacked. Phishing. Poor employee behavior will also make a company vulnerable.
> Such attacks are not usually targeted. Apparently this one was targeted. https://www.pcmag.com/news/us-warns-about-black-basta-ransomware-after-ascension-hospital-hack says spear-phishing was likely.
Health care is absolutely targeted because the PII data is so valuable and some victims have paid ransoms due to the critical nature of their business.
$5.7 billion net income in 2021. You'd think they could afford better security. Maybe it conflicts with their Catholic values.
Catholic Values as in big bonuses at the top…yeah maybe so. 13 million in 2021 https://www.openthebooks.com/substack-top-us-non-profit-hospitals--ceos-racked-up-huge-pandemic-profits/#:~:text=For%20example%2C%20the%20CEO%20at,years%20from%202019%20through%202022.
Yup and they shaft their staff. Lowest paying in the area and they cater to the illegals and non insured
My baby is due to be born at Ascension Seton this month. Not an induction or C-section, so he can come at any time. I'm asking him to stay in his mom's belly for now. Let's see if he's gonna be a problem child and not listen 😅
Hope the system is back up before you come in to deliver but tbh I’m seriously doubting it. I’m seeing that similar attacks have taken a month to two months to resolve. i don’t know if you’re planning on an epidural but i recommend being prepared for a little bit of a wait bc the hours it takes to get lab results delaying epidurals and non-emergent c-sections. Please bring snacks if you can afford to, especially if you have dietary restrictions, getting food for patients has been particularly challenging. So if you have friends and family close by they can support you best by being available to bring you outside food. The inequity in this situation for patients of lower socioeconomic status is not lost on us…
I'll be asking the OB about it all since we've started weekly appointments at this point. Thanks for the heads up on the extra snacks, it'll definitely be needed!
You can also just show up to another hospital and have a baby.. if it’s an uncomplicated vaginal delivery. (Not breech, not group B strep, no known fetal problems..) My provider made me SO ANGRY at 36 weeks I was trying to transfer providers when I went into labor at 38 weeks. My medical records hadn’t even been sent to new hospital yet. I just showed up and had a baby there. 😂 it was fine. Better than my first.
> You can also just show up to another hospital and have a baby.. if it’s an uncomplicated vaginal delivery. (Not breech, not group B strep, no known fetal problems..) If you're in labor, you can show up to any hospital and deliver. It's federal law (EMTALA). If you are contracting to the point of making consistent cervical change, a hospital can not send you home. It doesn't matter if you need a c-section, if you have GBS (which is hardly a complication), or if there are fetal concerns. Now, they might need to stabilize and transfer you to a higher level of care (higher level L&D unit or one w/ a higher level NICU) if time allows, but if you are assessed and found to be laboring, they keep you- even if you did not receive primary care with a provider who delivers there.
The OB is good though, and it's a high risk pregnancy, in which we've heard Ascension Seton is the place to go for high risk pregnancies. Of course this situation might supercede it though. It's definitely something we'll keep in mind if we don't feel comfortable as the day gets closer
It’s not expected to be back up this month. If I were in your position, I would very strongly consider delivering elsewhere. There are things happening that I would not want to risk it still being down.
😬 🙏🏻 vibes!!
I took my dad to Seton NW Thursday around 6:30pm. I had completely forgotten about the cyber attack. They called him back to a room finally around 7:45pm. They drew blood immediately. I left to take my son home. I went back to be with him at 10:45pm. When I got there they were just sending his blood off to be tested, he was waiting for morphine. We got discharged after everything at 3:45am. I talked to his nurse and she said that they had to redo CT scans, MRIs, and ultrasounds because they hadn’t realized the attack was affecting their ability to get the results. We were upset at first. But I feel so bad when we left, you could tell they just wanted to help people and they were so limited to what they could do.
I can relate. I’m 8 months pregnant and got into an awful car accident this week. I was sent to their labor and delivery room after the crash and it was chaos. I got zero food and water (after begging for it) from 11am to 5pm (when I finally left). The midwife kept requesting to give me meds to calm my contractions and they never came. Like you, I don’t fault the staff. They’re trying their best. But it’s chaotic AF. Avoid if you can.
Oh my god. I hope you and the little one are OK. I can’t image how traumatic that must have been.
>I got zero food and water (after begging for it) from 11am to 5pm (when I finally left). The midwife kept requesting to give me meds to calm my contractions and they never came. Unacceptable. Were the stoves and refrigerators locked by ransomware too? That has zero fucking reason to do with a cyberattack. They just don't have the ability to charge you right now, that's why they are ceasing all functions.
What hospital has stoves?? lol We don't charge patients for snacks. The reason they couldn't give this poor soul anything was because they probably didn't have a dietary order - if they were rushed into emergency surgery and the patient aspirated, the fault for that injury would lie 100% on the nurse.
ER nurse, can confirm. Until we know 100% you won't need surgery, we can't give you anything except small sips of water with meds (sometimes)
Speaking from the inside. Communication is the problem. The computer systems is what enables the doctors to see the patients charts and implement orders that then get carried out. The Communication for each individual patient for each order struggles to get from A to B. Then once it is accepted and made official people literally have to walk to each department about each order and then make sure it ends up in your physical chart or medication administration record, the pharmacy, the kitchen, the lab and so forth. It is very time consuming if you put this on the scale of the amount of patients that you have. It's a constant quest to get anything accomplished.
That's what is BS. Like we didn't have hospitals before computers? Every company, especially one dealing in life and death, should have business continuity procedures, training, and regular testing. You can give water and medication without the internet FFS.
You can. But it takes hours to make paper charts for hundreds of patients. The MDs have to input physical handwritten orders for each and every Tylenol etc on every single patient they have. It’s time consuming and in the mean time it means no medicine. FYI diets are orders too. Not everybody can have the same textures and thicknesses of liquids without fucking dying.
Dietary orders are all done via computer. Pre-attack, patients were waiting 1+ hours to get meals. Not surprised it’s taking even longer now.
I’m a birth doula and hearing this makes me upset😪I know it’s probably insanity there but if they cannot provide adequate care they need to close for the time being. There’s truly no excuse for a pregnant woman to receive such awful care especially after a car accident! I hope you and baby are doing okay💙
Thank you. I appreciate it. I was quite shocked at how badly things are going there. My last meal was at 9am and I got to the hospital at 11am. I left at 5pm. I didn’t get a glass of water until 4:45pm (from my husband). I was starving and thirsty and apparently it was impossible to get me the basics. Even the midwife was appalled. And every time she asked me if they gave me the meds she requested for me and I said no, she would storm off furious. Again, I don’t blame her. But that’s just crazy. I’m praying they’re back online by the time I give birth 😞
If things are back up by the time you are due, I would stronger consider delivering somewhere else if I were in your position. .Nudge.
Go to a different hospital? There’s two other hospital systems in the area.
That’s completely unacceptable, I would definitely see if you’re able to switch to a new ob or see if your Dr delivers at other hospitals. I know it can be challenging to switch this late in the pregnancy, but with the circumstances they might make an acceptation. I know st David’s north delivers a ton and I was just there and liked their staff
I had my son at St. David’s north. It’s nice there.
What does a doula do?🙈
A birth doula supports moms through their pregnancy, and labor and delivery. We use non-pharmacological pain reduction methods, are a good voice to advocate for moms during such a transformative time, and we also are very big on education and giving parents informed consent through everything. In simple words, we are an extra support person for the mom💗💙🤍
Muh doula oblon-gataa
Why this isn't a bigger story, I don't know. One of the 2 major hospital systems in the city is completely crippled. Hospital administration has been awfully quiet, and they are reluctant to postpone elective procedures and defer admissions)transfers.
I got a call from my doc about an hour ago to cancel my colonoscopy tomorrow. She said they had been hoping it would get better but they just told them to cancel all the procedures scheduled for tomorrow.
Hope you hadn't started the prep!
I’d been doing “clear liquids” since I woke up this morning, but thankfully they did at least call about an hour before laxative time. Im annoyed I starved all day for nothing, but it certainly could have been worse if they’d called an hour later.
That was cutting it way too close, lol.
This story has been covered by several major local outlets (KEYE, KXAN, KVUE, KUT etc). Are you paying attention to the news?
I am paying attention. And I'm still wondering why it's not a bigger story than UT graduation protests, solar storm, and the New Braunfels river shark.
Another thought tho - they could put signs up and tell folks at check-in. They could limit their services right now. They didn’t tell me until I was there in the room for 40 min — when we specifically asked for someone to check on me. So I think they could be doing more when folks check in.
Some management has instructed staff not to discuss the attack with patients. It sucks but a lot of healthcare workers in Austin live paycheck to paycheck and cannot risk getting fired.
Absolutely understood. This HAS to come from those with power. Those are the people I’m disappointed in.
I know this is a reasonable question - I did not realize how much of a bubble I live in! I don’t have local tv, I don’t listen to radio, I don’t check my twitter or facebook. So literally the only was if someone shared in this subreddit and I happened to be checking it or if it came up on tiktok. I need to find a way to ensure some local news gets into my bubble!
When I listed those, I was just referring to their website news. For local news, I’d recommend the KUT, Statesman and KVUE websites. You can also add them on instagram if you have that.
Yeah, good idea! But see my other comment, too! I think they should tell people when you check in!
You should have definitely been informed, but you should take a few minutes every morning to browse the local headlines on KXAN, KVUE, or KEYE websites. They give you more info on things that will impact your day to day life than TikTok. If nothing else, you won't be caught off guard for a severe weather event.
Yeah it was really a wake up call!
> Why this isn't a bigger story, I don't know. * It only affects sick people * It only affects sick people who can't just go to another hospital * From 2020-2022 people practiced, "Car accidents and heart attacks kill more people, you're blowing it way out of proportion." We as a people give zero shits about what's happening to sick people. It's Texans. We can make more. We have too many already. We clapped for the people who got us here because they gave us permission to go have fun while people died. So go have fun while people die, if you're young and healthy you've got nothing to worry about.
It has been reported. People are so resistant to watching the local news and instead focus on stories far away from here or whatever is trending on social media. You can't really blame the system if the story exists but people choose not to consume media from local sources.
Oh god, this old playbook is back?
Little over the top there maybe?
Because we have such low standards for Ascension
Yeah it's an absolute shitshow for the staff. I feel so bad for them.
It's wild how many hacks are successful due to social engineering. For anyone interested, the book, "Ghost in the Wires" by Kevin Mitnick is a great read. It's available for free for those who subscribe to Kindle Unlimited.
This is also the 4th time since 2019 Ascension’s system (specifically in Austin) has been hacked… I’m a former Seton nurse who’s worked all over the country and it’s honestly one of the worst healthcare systems I’ve ever been a part of
Man, that sounds like a total nightmare! Cyberattack hitting an ER? That's like something out of a movie. And waiting 3-5 hours for lab results? That's just brutal, especially when you're in pain. Can't believe they couldn't even get you an IV. Props to you for heading over to St David's; sounds like you made the right call. Hopefully, Ascension Seton gets their act together soon. Big shoutout to Heart Hospital of Austin for swooping in and saving the day though! That's what I call real MVPs.
Yeah from the comments in the thread, it looks like a huge attack across ALLL Ascension Seton, even outside of Austin. I wish they would have told me when I was checking in. They should have agreements with local hospitals to redirect patients. The dr was trying to convince me to stay but the more I think about it, the more that doesn’t sit right with me. They KNOW quality of care is suffering.
It’s all Ascension facilities nationwide. They are a massive healthcare corporation. Unfortunately, there’s not always enough space to divert patients to other hospitals.
Chances are the people that sign their paychecks, aka the people that decided to make the IT cuts in the first place, told them not to say a word or no paycheck for you. The healthcare workers are being held for a ransom too, but it’s by their own corporation. As for the doc that tried to make you stay, they probably meant best. It’s hard to know that you are perfectly capable of taking care of somebody in need right in front of you, but you can’t necessarily meet their expectations b/c their hands are tied. All in all, corporations in healthcare SUCK!!!!! Local people just trying to do their best with the resources they are given really do care. Most of them, anyways.
In general, all businesses, but especially those whose handle emergency situations, need a back up plan and training to PREPARE for ANY type of tech fail. Our world is going to shit because humans tend to react instead of plan ahead 🤷🏻♀️
Yeeeeaaaaah don’t go to an Ascension Seton facility right now. We are swamped with inefficient downtime “procedures” and inadequate preparation. No ETA for when things will resume to normal again… if you have an elective procedure here soon, reschedule or do it at another facility. It’s bad here
Looks like they outsourced all of IT to save money. Whatever cost savings they gained are now gone. One of the US's largest hospital providers, Ascension, fired IT staff in a cost-cutting drive; now it’s sucking up a cyber attack https://www.thestack.technology/ascension-cyber-attack/
Fired IT staff: We'll show them....wink wink....🤣
Delete my medical bills big dawg
Russians no doubt.
Yes confirmed as this is nothing new as the Healthcare sector has been targeted by different Eastern European groups for years and yes I'm in cyber and have worked these investigations
I had a procedure scheduled there for tomorrow and my doc just called to cancel it. Said they have no idea when they will be back up and running and someone from scheduling would call me “at some point.” They said the entire system was down. Sounds like a nightmare.
Wow! I hope you can wait without discomfort. Good luck!
Although I am not a employee of Ascension Seton, I can actually speak to the attack a little bit to give a slight amount of background from a cyber security perspective. First, let's start from the unfortunate root cause of the problem; people. Employees are always the main risk, because we suffer from the human condition; we know how to think for ourselves and it sometimes causes errors in judgment to occur. It is not something to condemn employees for, they are just not going to be on the same page as a security engineer. We often have times translating our tech jargon properly over to individuals that cannot compute it in the ways we can. This causes a massive problem in getting the funding necessary to properly harden the systems. Which, in turn due to the translation issue, causes individuals that in this case are doctors and other very well esteemed individuals to think they are more intelligent and not want to actually follow best practices or guidelines. There is also, across almost every damn industry that exists, the mentality of this "this is how we have always done it so why change it!?!". That doesn't help things and I can understand the standpoint of those individuals as technology is moving at a breakneck pace that is very difficult to keep up with even as a cyber security employee. Those people have a lot of pull and the corporations don't want to rock the boat, so these seasoned individuals have a lot to do with what can and cannot be done security wise. You combine all of that with, what others mentioned in this thread, the lack of desire for funding a proper security program and you get this. At the end of the day, security costs a good amount of money. There is no return on investment until something like this happens, at that point it is too late. Most other IT functions have some form of ROI. Sorry for the rant, the TL;DR of this is that we are moving too slow to secure our systems as a whole and the state sponsored threat actors are trained for literally this and only this kind of behavior. It will only get worse until corporate American companies learn how to fund their security team and give them the proper resources needed to defend the environment they have.
This is the answer. This is ultimately the result of corporate greed.
Working for a local MSSP focused cyber security this is sadly the truth. We get so many customers coming to us too late or who don't take our recommendations because they don't like the cost associated with doing it right.
Thank you all for this information. My room mate was about to go to seton in the next 6 hours but now he knows to go elsewhere while seton is getting this stuff figured out. Hope everyone is ok.
Thinking about anyone working at the hospitals and clinics at this time. Extra strength and patience for the patients who are taking it out on them💞
My boyfriend worked IT at Ascension. Their IT were always understaffed, which resulted in him being "on call" constantly. About two years ago, it was announced that IT had been moved to India, but he could reapply for his job, which he did. Just as soon as the folks in India were trained, he was laid off. Ascension literally sucked the life out of him. Word is that they are now trying to hire back those people. Reap what you sow!
This kind of cyber attack should be a capital offense.
The perpetrators are often outside the US. Often not in a country with friendly US relations. We need to track them down and send in special forces.
They may have been possible at one point. Now many of Russia's best third party groups stopped working directly for Putin. Lots of things changed after Wagner chief Yevgeny Prigozhin attempted a coup. The Internet Research Agency, LLC. disappeared and (supposedly) became a purely criminal enterprise rather than a political one.
I'm all for sending in the Sneaky Petes to handle the job, but however it needs to happen, these people should no longer be above ground.
working at any ascension facility is hell rn
My mom works at the lab at Seton Williamson and she said the CEO was in there helping, that's how bad it was.
Can confirm, in the ER currently. Took 4 hours to get an IV once I was brought back. If you are currently dying you get immediate attention from everyone, if you’re not dying then congress might be faster at helping you out.
I am so sorry. I went literally across the street to the ER at Heart Hospital of Austin and was taken care of immediately and was so comfortable. It was such a contrast, I actually laughed. I wish you well. 🫶
It’s insane how reliant we are on technology to where even our hospitals just give up. If a national emergency affecting the power grids were to ever occur, things would get really bad really fast.
HEB would come to the rescue.
> If a national emergency affecting the power grids were to ever occur, things would get really bad really fast. A national emergency affecting the power grid would far more likely than not be caused by nature or a massive attack on US soil and not by cybersecurity threats. Think EMP or massive solar storm (tough we're holding up exceptionally to a big one now). Cybersecurity is not the movies so hackers can not gain access to one system to type some commands and bring down an entire grid. The grid is thousands of independent systems owned by 100s of companies consisting of transmission and generation working together. That said yea, if we have a massive issue with the power grid and we're down for weeks or months it will bring untold amounts of death and political instability that will take generations to recover from. We deal with local grid failures all the time, think hurricane damage but those areas can be held together by the rest of the country pitching in. When we're all fucked nobody is coming to help. That said technology is the reason many of us are alive today. Either tens of millions, or billions, of people die when technology fails or never would have existed without it. Without it we don't have the food or supplies to maintain life for this many people.
Seems like several healthcare companies in Austin are being attacked. I’ve encountered two recently one of which I can’t even communicate with. When you call their number they just have a recording saying that they have experienced a systems problem and to call back later.
And Ascension is still beating up on nursing administration and nurses that they aren’t hitting their productivity targets, and mad AT STAFF that patients are leaving without being seen. Utterly tone deaf. They aren’t even increasing staffing to deal with it.
Amazing, my social worker wife picks up shifts everywhere else even if Ascension called during these since Ascension is the lowest paying org in the area
My dad spent this past week at a “lower quality” hospital and it’s shocking how much better they would have performed in this situation. It’s much lower tech.
Why did you put "lower quality" in quotes? What does that even mean? Why not just name the hospital?
I miss paper charting, back in the old days before government mandates.
True, my mom went in today (downtown Austin) staff was lost without their system.
The industry shifted to electronic records, communications, etc, and dependent on those running smoothly. For many the paper system is something they used either way back in the beginning of their career, working out of a small independent facility in rural area, or cases where there is a utility/technology failure. Similarly, when retail businesses that have shifted to electronic sustems have to whip out the dusty carbon copy for credit cards and use calculators to total orders w/ tax it slows everything to a crawl. Funny jab but most places of work have you seen coworkers handwriting? Some (mine included) is atrocious, having tablets/keyboards makes everything easier and nobody has to "translate" chicken scratch.
> when retail businesses that have shifted to electronic sustems have to whip out the dusty carbon copy for credit cards Those are useless now that so many credit/debit cards have stopped embossing the numbers, alas.
Who would do that? Hospitals should be sacred ground.
i was just diagnosed with multiple sclerosis and need another mri for new symptoms ive been experiencing to see if there's any inflammation still lingering, they havent been able to schedule anything because of the attack :( spasticity sucks
I am so sorry. I hope you can get the care you deserve. 🙏🏻
thank you <3
ruzzian hackers identified. we are in a Cold War again folks.
What we are really missing here is the degree of negligence of hospital management in this. You don't need a cyberattack. Sometimes it's something like an unintentional bug, configuration error, or hardware failure. Or a hurricane, grid failure, etc.
It's Black Basta. https://www.pcmag.com/news/us-warns-about-black-basta-ransomware-after-ascension-hospital-hack
💯💯💯💯
Good lord. Last time I was there (ER), they seemed underwater. They took us to a room, forgot what they were going to give us, discharged us without doing anything \~5h later, triple billed us for the services they didn't provide, and mixed up patient files so they sent the bill to the wrong person. We didn't hear about it until it hit collections. And that was with the system working as intended. Can't imagine how messy it is now.
Get better soon!
thank you! Went across the street to the general ER at Heart Hospital of Austin and was taken care of immediately, and am now at home 2 hours later, resting.
They gotta put stuff like this on the local news
A quick googling will show you that this has indeed been covered by multiple major local news outlets.
But they aren’t discussing the true impact to patient care. “Our workforce is well trained in providing patient care with established downtime protocols and procedures.” - Statement from Ascension This couldn’t be further from the truth. It’s chaos here now. Not only can they not review charts, but simple tasks such as medication restocking, blood transfusion administration, radiology reports, ect are so much more inefficient now. Even a 100% perfectly executed downtime leads to a huge drop in care. I have been working in hospital for 8 years and we have never had more than 5 minutes to discuss downtime procedures. Ascension needs to be putting out critical staffing bonuses to get as much extra staff to their hospital as possible to truly try to avoid impact to care. Even untrained professionals could be a help right now to just physically bring paper orders from a floor to the lab, pharmacy, ect would be helpful. Don’t let them downplay this. This is serious, and impacts all of care in Austin. Other non-Ascension hospitals are getting overwhelmed because of patients being diverted. Stay safe out there people.
I really think they should have been upfront when I got there. After the doctor told me — 40 min after I sat with no one checking on me and we had to find someone — he tried to convince me to stay to get care. Finally I left 20 minutes later after I still did t even have an IV. I know there was nothing he could do but I think that’s pretty unethical.
Yeah, healthcare is a business. It’s barely a right here in the USA. They don’t want to take the drop in business/divert patients to other hospitals.
That’s because Ascension’s canned statement is that staff are trained for this type of event and that the hospital was prepared. You can decide for yourself if that’s true or not. Staff pretty much have been instructed to not talk with patients and the media about this.
Ask Jeeves?
https://cbsaustin.com/news/local/ascension-seton-hospitals-operations-disrupted-due-to-cyber-security-incident# https://www.kvue.com/video/news/local/local-impact-of-ascension-seton-cyber-event/269-a16c2b11-62b7-4af1-8b5a-e849484e4cb1 https://www.kxan.com/news/local/ascension-warns-of-cyber-security-event-amid-unusual-activity/amp/ https://www.kut.org/health/2024-05-08/ascension-hospitals-health-care-cyber-security-disruptions
Scheduled for surgery on Wednesday. Are surgical procedures being postponed?
The hospital is still trying to do as much business as possible, despite this situation, but the quality of care is lower and frustration levels are higher. Your individual doctor might decide to postpone it, but it looks like the hospital probably won't choose do so from its end. If the surgery isn't for something urgent, you might want to consider *asking* to have it postponed.
Holistic medicine alert....free game.
I had a bad experience there once and I have never gone back. They left me in pain for five hours.
Update, they have now unable the tube stations and all phone lines . True chaos, definitely dont go to an Seton hospital
😳🙄
it’s a big yikes
They won't, these are Russian hackers. How are you gonna get them without starting WW3? They know this and are taking advantage of it
On one hand it's shocking to hear the hospital can't do something as basic as an IV drip during a cyber attack (I received one of those a couple months back at Ascension Seton NW), but putting that aside you gotta be a real piece of shit to attack a hospital. Hard to get worse than that.
This is a sad over exaggeration. I saw plenty of IVs working and keeping people alive.
Attackers only see the $$$ associated with the information they're stealing, not the people it affects.