IN THEIR SHOES: WHAT HAPPENS IMMEDIATELY FOLLOWING A RANSOMWARE ATTACK ON A HEALTHCARE SYSTEM?
- John "JP" Pollard
- 08/8/2024
If you are a healthcare leader of any type, and particularly if you are in charge of maintaining a healthy IT infrastructure for your healthcare team, you are already well aware of the rampant increase in cyber attacks, which rose a whopping 128% from 2022 to 2023 alone.
Many healthcare organizations are well equipped with preventative measures and solid downtime procedures. But the wisdom of Mike Tyson may apply here: “Everyone has a plan until they get punched in the face.”
So what happens when you get “punched in the face?”
We looked at a number of articles that detailed the challenges faced by both Ascension Health and CommonSpirit Health following their respective ransomware attacks, and then we evaluated what might have been different in each system had they considered Agathos Continuity as a part of their network downtime scenario planning.
All systems taken offline
When a cyber attack is detected, most IT leaders spring into action, follow their playbook, and shut down the systems and the network in order to prevent the spread of the malware. This clearly creates a number of problems:
- Medical records are unavailable (the EHR is offline)
- Phone systems are often unavailable
- Patient contact information is unavailable
- Patient schedules are unavailable
- Staff scheduling and time management systems are offline
- Billing systems are offline
After briefly discussing backups, we will walk through some of these impacts and consider how, if at all, things could be different with Agathos Continuity. Agathos Continuity helps health systems contact patients, manage their schedules, coordinate their care, and protect patient access and safety during care throughout an extended EHR or network downtime.
What about backups?
You might wonder, “But what about the backups?” Most health systems on the popular EHRs have some sort of backup. The question is whether those backups are well-maintained and immediately accessible to the staff on the front lines following an attack. Many of these systems are made for outages of hours but not for extended downtimes reaching weeks or even months. Given the reporting we observed, these systems were not adequate to help them avoid major losses of up to $150M (not to mention all of the quality, safety, and reputational impacts). Other backup options, such as a fully functional redundant cloud-based EHR, are often too expensive for all but the largest and best-resourced health systems.
Patient safety concerns as the patient record is unavailable
Because patient safety (and care continuity) is the top priority in a health system, let us consider the impact on care first. With the EHR down, there is suddenly no way to know why a patient is in your care or what sorts of complications you may be dealing with. This lack of a patient record is also a reason that many outpatient visits are often canceled.
As a part of the record, medications also become an issue. In these attacks, clinicians had to rely on patients to disclose medications. A failure to mention or remember just one of those medications would have serious health consequences.
With Agathos Continuity
If Ascension and CommonSpirit had Agathos Continuity, they would have immediate access to patient records via an off-network mobile device. This would allow them to avoid a myriad of safety complications and continue to care safely for patients. Having the patient medication history available as well means that clinicians can avoid any number of contraindications.
On-premise backups compromised
Because many on-premise backup systems are on the network, they are often compromised in the cyber attack.
With Agathos Continuity
With a select set of data backed up to the cloud nightly, Agathos Continuity is an affordable way to ensure a clinical data backup independent of the network and thereby able to provide immediate and continuous access to authorized staff members.
Procedures canceled
With lack of access to coordination and scheduling, and some equipment going down, as well as the safety concerns related to not having access to patient records, many procedures were canceled.
With Agathos Continuity
Through access to patient contact information, schedules, and full medical histories, Agathos Continuity allows organizations to keep many procedures on the schedule as planned. In the case of specialized equipment going down, however, there is nothing Agathos Continuity could do to preserve those encounters.
Using paper records
Because the EHR is down, many parts of Ascension and CommonSpirit were forced to use paper records, which not only creates challenges in immediate care, but also future challenges as that data will need to be digitized and imported back into the EHR when it is back online.
With Agathos Continuity
Agathos Continuity does allow clinicians to perform basic documentation within the system, but some organizations may choose to paper chart in addition to or instead of documenting in the gap system, depending on the playbook specifications. At the least, a digital option would give some staff, for some documentation in some clinical situations, an additional (and perhaps better) documentation option that happens to be easier to port back into the EHR afterward.
Patient contact information is unavailable
When the EHR goes down or third-party customer relationship management (CRM) software solutions are inaccessible, organizations are no longer able to contact patients to reschedule or confirm appointments.
With Agathos Continuity
With near real-time data, Agathos Continuity makes patient contact information available for nearly all scheduled appointments, allowing frontline staff to inform and modify any scheduling with the patient, maintaining patient confidence, and providing the best experience possible given the context.
Patient schedules are unavailable
With the network and most systems down to prevent the spread of the malware, staff are left with no patient schedules, no centralized applications, and no means to make changes, if needed.
With Agathos Continuity
With a near real-time cloud-based backup, Agathos Continuity allows frontline staff to see and maintain patient schedules with easy-to-use mobile functionality, enabling them to quickly triage the schedule and modify as is needed in the current environment.
Billing systems are offline
As with the EHR, or often as a part of the EHR, the revenue cycle is often thrown into an extremely challenging scenario during a ransomware attack, with no ability to track billable procedures, interact with payers, or send out patient billing notices.
With Agathos Continuity
With patient schedules and access to the medical records, as well as the ability to create a dynamic up-to-date record of all appointments performed, you are in a much better position to bill for visits once the billing software is back online.
Patient portals unavailable
During the Ascension and CommonSpirit cyberattacks, patient portal functionality for seeing test results, medications, and procedural information was taken offline for weeks. This is a result of the EHR being taken offline. This creates a communication challenge between patients and their physicians and can have patient safety implications, not to mention patient experience and long-term retention impacts.
With Agathos Continuity
While Agathos Continuity does not support any type of backup system for a patient portal, Agathos Continuity does have an up-to-date patient medical record, patient contact information, and schedule information, which would allow clinicians to connect with patients via an off-network mobile device if urgent, preventing the most critical of patient safety and communication access issues.
Summary
From a healthcare IT security perspective, we live in the most challenging time ever faced. While prevention and recovery are critical, resiliency tools and tactics during a downtime are becoming increasingly indispensable as cyber attacks on even the best-resourced systems become increasingly inevitable. Considering the broad impact of ransomware attacks from top to bottom can go a long way in thoroughly planning for your network downtime. We all know these are coming. Is your organization ready to do more than merely take them on the chin?
Articles reviewed
https://www.hipaajournal.com/ascension-cyberattack-2024/
https://www.hipaajournal.com/global-healthcare-cyberattacks-increased-by-74-in-2022/
https://www.hipaajournal.com/healthcare-industry-cyberattacks-increase-by-45/
https://phoenixnap.com/blog/commonspirit-health-ransomware-attack
https://www.wmuk.org/2024-05-09/its-causing-chaos-what-ascension-cyberattack-means-for-michigan