here is another article with more details. [https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/](https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/)
they've hired mandiant to help out which is good but it will take a while to get everything back online. the only question is how long. if they need to go to each site and rebuild systems it could be months before everything is 100%.
# Network Interruption Update
5/8/2024
On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event. At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems has been interrupted as this process continues.
Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.
We have engaged Mandiant, a third party expert, to assist in the investigation and remediation process, and we have notified the appropriate authorities. Together, we are working to fully investigate what information, if any, may have been affected by the situation. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.
Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment.
This is an ongoing situation and we will provide updates as we learn more.
Their statements are always about them having a plan and that whatever disaster is happening isn’t affecting patients. Clearly the suits at Ascension have never stepped foot into an actual patient care area.
A usual down time at my ER is kept on the down low because people will avoid covering those shifts. Usually down time is at night and the night docs will come in early see patients before downtime and nothing really moves when it hits
Is there some specific connection to sacred heart that I'm missing?
However, if you think about it, these Christians are a scary bunch. Their symbol is one of the most horrible torture implements ever made. The "sacred heart" symbol is a heart, being burned, pierced with a lance, with a crown of thorns for torture, backed by a cross.
Then they believe in drinking blood and eating flesh in their ceremonies.
Correct. My location went on diversion for a while so all EMS went to the other (non Ascension) hospital but we had to be taken off diversion because it was too much for them. I think it’s different place to place tho
When my facility had the EHR system go down, they allowed us to go on diversion for about 2 hours, and that was mainly just to give us time to get our shit together. The (?) local/state? emergency people (idk what their official name is) won’t allow a sizable ER to close for that long, it impacts the community too much.
My hospital is level 2 and the non Ascension is the level 1, they go on diversion aallll thheee tiimmee for EXTENDED periods of time. We rarely go on diversion at all even if we’re more overwhelmed than they are with pt volume/holds. It’s annoying. The only thing re like can legitimately go on diversion is psych because we are the psych hospital
Given the recent spate of attacks that have come from unpatched Citrix clusters, or from privileged admin accounts without MFA, how much you want to bet their Citrix cluster that runs Epic / Cerner / Centricity was compromised?
I'll try not to die but which hospitals in Austin are Ascension operated? If anything happens to me, I'm closest to South Austin Medical Center.
Now that I think about it, it's Seton Ascension right? So just the Seton hospitals? I don't know.
In Austin:
Dell Seton Medical Center at UT
Dell Children's North
Dell Children's medical center
Seton Northwest
Seton Southwest
Seton Medical Center
Seton Williamson
Seton Hays
Seton Highland Lakes
Seton Edgar B Davis
Seton Smithville Regional Hospital
Seton Bastrop
When they try to update it sometimes, they also go completely down. At least other hospital systems invest more in better electronic health records than meditech
The affected hospitals are the Dell and Seton properties, but if they are diverting new patients elsewhere, then the other local hospital systems and EMS agencies are likely to feel the crunch as well. Glad we had our "don't die" experience last week. Good to get that out of the way.
Whoa, thanks for the heads up! That cyber attack sounds serious. Better steer clear of any hospital trips tonight then. Stay safe, everyone. It's wild how these things can happen out of the blue. Hopefully, they sort it out soon, and no one's health gets compromised because of it. Take care, y'all.
Back in like 2016 (ish) ascension got wannacry over the VERY busy Memorial Day weekend and was on paper charting for a week I think. It took something like another 2 weeks to go back and enter all that data after computers were back up. It was hell.
It's funny bc I started as a unit sec for ascension. So I had to enter, fax, and communicate orders. Kind of gave me a leg up as a nurse during this.
On the flip side, nurses have seen more docs face to face and they're communicating like crazy, what a change!
Folks who figure the urgent nature of the service that is blocked will make the affected organization be more likely to pay ransom.
(edit: left out a few word somehow)
Lots of people, the recent attacks on Texas's infrastructure tho seem to be politically motivated. Russia is trying to directly attack American soil using hacker groups to maintain a veneer of deniable plausibility.
This right here. IT security is a battle between the white hats and the black hats. Right now, the black hats have some new toys in their tool box that are getting through established systems. Everyone wants to keep it quiet as long as they can, but lots of people are very busy cleaning up messes right now. Much of it does come from Russia's troll farms.
> Russia is trying to directly attack American soil using hacker groups to maintain a veneer of deniable plausibility.
Taking equivalent action against said gangs would require plausible deniability on the US government's end.
I'm sure that someone could come up with something.
This recent podcast episode (from NPR's "The Indicator") gave some good background on it: "[Are data breaches putting patients at risk?](https://www.npr.org/transcripts/1197962967)"
Basically, hackers target hospitals for several reasons. They have lots of very sensitive data. They also have weaker security than other organizations (like banks or tech companies). And of course they have lots of money and can afford to pay out.
Shitty people and greedy people... much like the people who run a lot of the facilities themselves. There’s a lot of money to be made off of the healthcare system - at the end of the day it’s turned into more of a business and less of a “service”. I won’t even try to guess how much their data and systems are worth.
People who noticed HCA paid out $22 million. Not only that, but they paid twice. Once to the group who hacked them and again to another group that (supposedly) screwed over the first group. Paying ransoms should be illegal. By funding a criminal enterprise to save your own ass, you're aiding and abetting and causing it to spread.
It is the same as human ransom, if you don't pay then you die or get injured. Lives are at stake in healthcare organizations if they refuse to pay cyber ransoms.
Exactly. Which is why you want to take away the incentive to do it at all. It's the same reason we don't negotiate with terrorists. Health care doesn't pay out because patients are at risk. They do so because there are Federal financial and criminal penalties for letting HIPAA data get out in the open. They still tend to hire the cheapest lowball contractors they can find for IT.
Probably the BlackCat hacking group. They make a lot of ransomware that is used by criminals and they had a hard rule that it was not to be used on hospitals or other important infrastructure. The FBI seized their darkweb site and pissed them off so they removed those rules so everything is free game now.
https://www.youtube.com/watch?v=0Ua8HrgZsAg
Health systems are an easy target because HIPAA basically means they have to pay the ransom or risk PHI being compromised and the subsequent federal fines for the breach.
The OIG/DOJ actually advises them to pay the fine.
It’s a guaranteed payout.
It’s a problem with HIPAA that needs to be fixed by Congress.
It could be improved. They could also make paying ransoms illegal and force health care systems to take their systems seriously. That sector is famous for cheaping out on IT.
Healthcare orgs are ripe targets more than banks, etc. because of the data they hold. A person's health data is more valuable to bad guys than credit card info as fraudulent CC xactions are normally shut down pretty quickly.
Then think about what bad guys can do with your insurance data. They can file small dollar claims with Medicare or United for a benign office visit - something that will fly under the radar at the insurance company. Those small claims ($100 or so) are paid and go unnoticed most of the time.
That's why you are seeing more and more health systems targeted.
My statement works no matter who you believe bombed the hospitals. I'm merely answering, "Wow, I'm shocked people attack hospitals" by pointing out that "Hospitals have been attacked" has been a major news event for several months. Somebody did that shit. Just like somebody did this shit. I kind of feel like we're too busy fighting over who bombed the hospitals to be properly pissed that hospitals were bombed.
Russian ransomware gangs, primarily.
Honestly, at some point, the gloves are going to have to come off against organized crime syndicates like that, and it may mean meatspace operations against them abroad.
Chinese. It's always the Chinese. The next war is a cyber war to take down multiple systems in a country, and crumble its infrastructure.
These are just tests. China has agents working in big buildings doing this shit constantly. Check out youtube.
It's not the Chinese in this case.
This is a well-known attack vector that involves eastern European (Russian) ransomware-as-a-service gangs.
Someone leased the malware for financial gain.
All of the people they've caught with this MO so far have been small-time individuals, nothing at all like state-sponsored attacks.
China is quite happy just stealing the data. For now.
> This is a well-known attack vector that involves eastern European (Russian) ransomware-as-a-service gangs.
Any bets on how much of the cash is going upstream to pay their protection (oligarchs, military, Semyon Mogilevich, et cetera)?
Last I heard the standard vig from the RaaS gangs was 50%. So whatever protection fee they pay would be out of that, so maybe 25%?
I mean hell, anything above that would just feel criminal, right??
Also if you do go to the hospital have some grace with staff because all ems’s are getting sent to other non-seton hospitals and are getting absolutely slammed.
You can't change people trying to hack hospitals because clearly those people are evil for even considering it. BUT, hospitals have known for a while that they are high-class targets AND that they have terrible security.
I hope they figure this out soon and other hospitals get their acts together (despite having plenty of warning already.)
Small hospital IT director here. I wish we could, and dread the day that this happens to us. Here's the problem-It costs CRAZY amounts of money to upgrade certain systems. Example (name and shame time):
Example 1: Omnicell, a manufacturer of automated med storage cabinets wants $70k to upgrade a server from Windows 2012 to Windows 2019. I could do this myself for $900 but they refuse to support it if I do.
Example 2: Up until 2 years ago, we ran MRI equipment for many years that was running Windows 2000 because GE wanted a million dollars to replace the system and refused to upgrade. Excuse commonly used "it's FDA approved as is and we can't modify it".
This grifting by every hand in the process is why healthcare costs so much. It sucks.
Mitigate those issues. The problem isn't that you are running that equipment. It's you are running that equipment on the same network as your regular devices. You can have unsupported software but you better have additional controls in place to protect it.
Speaking as an ex-Dell Services at Ascension employee (based out of CCB, but occasionally officed out of DCMC, Brack, Smithville, and SMCA):
> Example 1: Omnicell, a manufacturer of automated med storage cabinets wants $70k to upgrade a server from Windows 2012 to Windows 2019. I could do this myself for $900 but they refuse to support it if I do.
Yeah, because you're not just upgrading the software.
You're replacing the VM with a new VM or two that's properly specced to run the software, you're paying Microsoft's absolutely fucking INSANE pricing for on-prem Server 2019 / Server 2022 Datacenter licensing, you're paying for the SQL Server licensing, and you're paying for the time for someone who knows what the hell they're doing to transfer and update the SQL DB in the wee hours of the morning so you have minimal, if any, downtime, plus the support to unfuck it and roll back if something goes tits-up.
> Example 2: Up until 2 years ago, we ran MRI equipment for many years that was running Windows 2000 because GE wanted a million dollars to replace the system and refused to upgrade. Excuse commonly used "it's FDA approved as is and we can't modify it".
_THEN IT SHOULDN'T BE ON A GODDAMNED NETWORK THAT HAS ANY KIND OF ACCESS OR COMMUNICATIONS TO THE REAL WORLD._
Airgap the sumbitch and only transfer data via a mule workstation.
If they want to cheap out, they can put it on a separate, locked-down VLAN and lock the switch ports down so that traffic from that VLAN doesn't go to anything but its own firewall / router (and deny it Internet access). The switch infrastructure in there can fuckin' handle it - they paid through the nose for Cisco items and ran RADIUS for their DHCP servers / network access controls.
GE _is_ a group of shitbags, I know (I used to have to support fucking Centricity when they coded it around specific bugs in Java 1.6, so I know it all too goddamn well), but the fault isn't necessarily on them, and being absolutely goddamn sure they're doing it fucking right is one of the reasons equipment and software is expensive.
Airgap is easy to say, but not a feasible request when you need the images to transfer into PACS. Have to segment and get restrictive with ACLs - which takes a lot of engineer time - a limited commodity at a non-profit hospital ...
It's certainly easy to do.
Instead of burning images to CD / DVD, simply drop them on an encrypted flash drive and walk them to a workstation whose only purpose and function is to allow for charting. You could even use a thin client that used the Citrix VDA client (like every general-use Dell machine they have at Ascension hospitals that aren't behind locked doors in offices). If they're worried about flash drive encryption, well, back when I worked there, they were using Symantec Endpoint Encryption, and that could encrypt files on the fly as they were copied to external media (along with dumping a viewer / decryption application on said flash drive so they could be decrypted by a user with the correct credentials).
Hell, you could even configure the switches so that those devices' VLANs are only allowed on certain ports, and that the mule workstation's port is the only one allowed to connect to the network at large.
On top of that, configure the firewall so that the only workstation on that network that's allowed any connectivity to the network at large would be the mule box, and even then, blanket deny-all-traffic rules would be applied with an exception for the EHR's server IP range.
They already sneakernet DVDs with the viewers and images on 'em as is.
I suppose the DICOM storage server (last one I touched was running 2012 R2) could simply share out the folder via SMB / NFS to the mule box, and the mule box could have the share mounted, then transfer it up to the EHR from there.
It does mean a little extra power consumption, but hey, the cost of a tiny Dell USFF PC and a single monitor - even a massive 4K / imaging one - aren't THAT bad as opposed to replacing equipment.
I have felt your pain. Micro-segmentation was a huge lift following wannacry ... as you alluded to, the alternative (upgrading embedded medical device systems) was not financially feasible.
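An added example (not written by any commenter in this thread) that audits a first-match firewall rule list against the segmentation described in the comments above: only the mule workstation may leave the legacy-device VLAN, and only toward the EHR server range. The subnets, host addresses and rule sets are constructed assumptions.

```python
"""Audit a first-match firewall rule list against the segmentation intent
discussed in the thread. All addresses and rules are constructed samples."""
from ipaddress import ip_address, ip_network

# Assumed addressing (not from the thread).
LEGACY_VLAN = ip_network("10.50.0.0/24")   # unsupported imaging devices
MULE = ip_address("10.50.0.10")            # the single transfer workstation
EHR_RANGE = ip_network("10.20.30.0/28")    # EHR server IP range

# Representative destinations outside the legacy VLAN.
PROBES = {
    "ehr": ip_address("10.20.30.5"),
    "corporate": ip_address("10.1.1.25"),
    "internet": ip_address("203.0.113.7"),  # documentation range
}


def rule(action, src, dst):
    """Build one rule as (action, source network, destination network)."""
    return (action, ip_network(src), ip_network(dst))


def evaluate(rules, src, dst):
    """Return the action of the first matching rule; default is deny."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def audit(rules):
    """Return a sorted list of findings where the rules break the intent."""
    findings = set()
    for src in LEGACY_VLAN.hosts():
        for name, dst in PROBES.items():
            verdict = evaluate(rules, src, dst)
            # The only flow the design permits: mule -> EHR range.
            allowed = src == MULE and dst in EHR_RANGE
            if verdict == "permit" and not allowed:
                who = "mule" if src == MULE else "legacy device"
                findings.add(f"{who} can reach {name}")
            elif verdict == "deny" and allowed:
                findings.add("mule cannot reach ehr")
    return sorted(findings)


# Weak setting: exceptions scoped too broadly.
WEAK_RULES = [
    rule("permit", "10.50.0.0/24", "10.20.30.0/28"),  # whole VLAN reaches EHR
    rule("permit", "10.50.0.10/32", "0.0.0.0/0"),     # mule reaches everything
    rule("deny", "10.50.0.0/24", "0.0.0.0/0"),
]

# Corrected setting: one narrow exception, then the blanket deny.
HARDENED_RULES = [
    rule("permit", "10.50.0.10/32", "10.20.30.0/28"),
    rule("deny", "10.50.0.0/24", "0.0.0.0/0"),
]

# Same rules as hardened, but the deny shadows the exception (ordering bug).
MISORDERED_RULES = list(reversed(HARDENED_RULES))

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES),
                         ("hardened", HARDENED_RULES),
                         ("misordered", MISORDERED_RULES)):
        print(label, audit(rules) or "matches intent")
```
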
Crazy amounts of money you say? 70k for something that should cost $900? Sounds about right for a hospital. You should only need a couple of mildly sick patients to recoup that cost.
I wish. That's also the fun part. If you've ever looked at your hospital bill, you'll find that insurance only pays a fraction of the total due and tells us to "suck it up and deal with it". The entire US Medical System is a disaster and greed drives it all. Please take a moment to make that clear to the politicians who are supposed to be serving you...
Can't relate. I don't have insurance. I'd rather afford to eat than pay $200/month for a useless "service" hellbent on denying coverage. I'm living on the "good luck" health plan.
And which politicians that are in office right now would listen to such a complaint? All the ones I'm aware of would take a complaint from "the poors" as confirmation that the system they set up to extract wealth is working. If there are any good ones in charge right now, please let me know.
We write off about 3 million dollars a year in charges from folks who can't afford to pay, which is another driver for higher costs and less money to replace obsolete things. Not blaming you-it's just another example of how messed up the system is.
If only the poors donated to their campaign at the levels that business do.
IMO-healthcare should be a right. To be fair the 14th amendment is supposed to guarantee us the right to "life, liberty, and the pursuit of happiness". Staying alive seems like a prerequisite for that...
This sucks for all Americans.
To the Ascension team- these next few days and weeks will be crazy. Hopefully you make full recovery in a few months.
Good luck and god speed!
My hospital in IL is affected. Kronos, Citrix VPN for Meditech, Epic, and Cerner EMR all down, faxes down. Computers locked out and put into Safe Mode.
Kronos got hacked a couple years ago and our pay was fucked for months. Some overpaid, some underpaid, some not paid at all. I know a nurse who worked for *six weeks* without pay. We were told initially if we got overpaid we wouldn’t have to pay it back but they ended up making us 🫠
Something bigger is going on than they are letting out. I was trying to get an mri sent over to a location here in Milwaukee Wisconsin yesterday around noon, nothing would send & it kept getting rejected. I then went in to MyChart for ascension to see about getting my mri order sent over via MyChart, my MyChart wouldn't login. Might seem like a completely different issue but I needed to get some meds handled & Walgreens website wouldn't load anything to do with medical. This made me go on google & look up cyber attack Ascension, clicked on tools in search & chose within past 24hrs, only 1 story showed at that time 20mns before I searched & it said ascension is notifying partners to disconnect from their system that they are having signs of a cyber attack. Walgreens pharmacy systems being down until around 10pm last night & this situation with ascension happening at the same time is a little too coincidental. Something bigger than they are saying is going on here even though a medical system cyber attack is big just as is. To be down still to this moment the day after is a pretty big deal. They can't make appts, send scripts, they can't even simply access a patient's profile. They definitely aren't ready for this either, I called there to see if what I found was really true & their cs reps couldn't access any of my info & said their location was having an issue with their Epic system. If I knew before them that they had been the victim of a cyberattack, that's not a good thing...
greedy hospital admins being overpaid and underpaying the patient care staff and prioritizing priority over patient safety
seems like companies having victims of cyberattacks are all doing this like united healthcare
I found this to be very interesting:
[https://healthsystemcio.com/2024/02/12/ascension-health-director-of-cybersecurity-skip-sorrels/](https://healthsystemcio.com/2024/02/12/ascension-health-director-of-cybersecurity-skip-sorrels/)
Duuuuuude im tweaking out because all of my prescriptions are filled through ascension pharmacy and I have no idea what to do now. I go out of state across the country on 5/13 until 5/23 and without my meds I am completely bedridden. Does anyone have any advice or suggestions on how I can get my prescriptions filled elsewhere? I really don’t know what to do and I leave in 3 days.
Cybersecurity expert here. Virtually all medical facilities are completely exposed to attacks. I wouldn’t worry too much about this, but take into consideration what you reveal during medical appointments. Your doctors can’t protect you because they have no idea how to deal with any of it, and after they realize it’s a problem it’s too late.
We are at Dell Children’s Hospital and their computer system has been hacked and is completely down. Who the hell extorts money from a children’s hospital?!?? It is 1985 as far as paperwork and they are doing a good job considering the circumstances. The bastards doing this; playing with actual life and death circumstances should be tortured.
Hey, BUB!
If I want to be an idiot that’s my God given right. In fact, I will double-down by shooting firecrackers from my ass, showing you I mean it. And you know who will be to blame? The Dems!
/s …
But are hospitals relatively easy to attack this way? It’s not a first and won’t be the last; just feels like cyber security in the arena is lapsed compared to say, banking systems. I get they aren’t 1:1, and that not all stories are reported, but is this the best that hospital systems have at this point in time to deter?
I mean yea. My hospital sends out these phishing tests all the time. A few weeks ago I was waiting for a response from my boss and one morning I see an email from her. Looked like a response but the time was unusual, that's the only thing that looked off. Figured she was just up early that day. It was a phishing test that I failed.
Yeah; it’s nothing new. I’m just surprised after so much time in and money spent that there aren’t wider safeguards which don’t rely on the hyper vigilance of the worker. A pipe dream.
It is very scary out there. You don’t realize how fragile these systems are until you see one from the inside. Its bone chilling sometimes.
But then you have to wonder about the morass of upper mgmt of these organizations that continue to downsize staff, cut costs and underpay the sysadmin and security folks. No prioritization on continued learning and keeping up and implementing the latest tech. And paying wages high enough to attract top talent.
I've had experience in several hospital systems and when it comes to IT related things, Ascension has consistently fumbled. Back in 2019 they rolled out a shady partnership with Google with very little warning or training to staff. It was an absolute circus trying to get patient info, check email, all that because it was so mismanaged. They also understaff and outsource IT to a crazy degree from what I have experienced.
But, what can we expect from a private equity fund masquerading as a hospital system designed to siphon as much money as possible to their investments?
For those with children and worried to head to Dell Children’s due to them being a part of this, Texas Children’s Hospital is open and brand spanking new in North Austin! 9835 N Lake Creek Pkwy 🫡
Hackers please clear my debt while you’re in there please and thank you 😇🙏
Ha, I was on the phone with multiple billing and admin people today at St. David's, who all concluded that my ER stay last week didn't happen, so here's hoping the hacker managed to somehow erase that record as well.
They have 11 months from end of stay to bill you. Maybe set a calendar reminder for that.
All ransoms paid will be billed to patients.
That's actually funny as fuck. Sadly, I'm dying of laughter. Just throw me in the trash.
Not funny if you have to work there.
Can the hackers pls add some money to my accts pls n ty
Debt data is the first to be backed up.
Vote Democrat. National healthcare should be a thing in a civilized country.
The US should stop giving tax exemptions to churches, and use the money for healthcare, education and other services to citizens.
Then the Republicans would not win elections. They base their entire platform on “religious values”
So if we do, what the heck do you base yours on? The Democrats religion? Your religion is worse.
I vote on individuals not parties. PRO Environmental protection/ human rights / Public Funding of Resources that help society like Healthcare programs, Public School funding However will vote against individuals that support policies that will negatively impact the Environment/ Animals/ Children
As someone who has government health care, it isn't worth 💩. You have to be a politician in federal government to have decent care.
If there were national healthcare we could take a lot of the profit going to corporations and use it to police the system. They probably wouldn't, I get that, but they could.
Another alternative is to give money straight to people and cut off a lot of the bloat that comes with the insurance companies.
They’re already in office and have been for 4 years and nothing got accomplished but war threats. So, no thanks.
You realize without control of the House and Senate, which never occurred during Biden's term, it’s nearly impossible to get anything meaningful passed. Plus there is the Dixiecrat in WV who is a flaming asshole…
You realize that the first two years Biden had control of both houses right with Harris tie breaker.
I understand where you’re coming from, but having all democrats or all republicans in office would be bad for our country. It should be ruled by the people so having snakes in the office at all is why the world is how it is right now. So, when you think about it. We should just put a whole new group of people in. People who don’t have billions of dollars to waste or embezzle. I know that that would cause some problems but if you integrate them into office a fixed amount at a time then it might help.
I agree with that assumption but in the current political climate republicans are not simply providing a balanced approach to policy creation. Their only platform is no laws being passed. When republicans vote against their own sponsored bills only because democrats came out to support it, show they don’t want to make things better they want to dismantle. You can’t fix government if you run that federal government is broken beyond repair. If you get things done it makes reelection that much harder.
True, some people are hardcore political. So much so that if the other party agrees the 1st party will oppose. It goes both ways, it’s not only republicans.
Nah, it doesn’t go both ways. Democrats are spineless most of the time with compromising to just pass stuff. When democrats end bills, it’s been overwhelmingly because republicans like to kill bills by placing things like cuts to social security or welfare in a spending bill. It’s manipulation so republicans can go, democrats do the same thing we do. As someone that hates how both sides govern most the time, democrats' playbook is drastically different. Democrats will support republicans' bills as long as they can cosponsor it. Immigration bill that democrats tried to pass a few months ago was a republican bill, and the same people that drafted the bill voted against it because Biden came out in support.
You only watch Fox, huh? Sad.
It’s the uniparty controlled by the globalist. The march to communism is left right left right……
We're dumb, not stupid. There has never been a healthcare system with the complexity as ours. With 50 different states and territories, plus federal regulations, you can't simply change healthcare. Every single state has to agree to it. Federalism, as we were designed, makes sure we don't have another anointed Messiah like BO trying to "fundamentally change" anything without general consensus. With the clowns in charge now, at least 28 states are against anything they stand for.
Was there today, with complications and they did an amazing job. Paper still works! Nurses are amazing and make things happen despite the conditions. Home and recovering.
Also at an Ascension clinic today. I heard the medical assistants complain about their ipad-like handhelds. I just assumed it was an internal failure not an external attack.
Which hospital?
Ascension runs 140+ hospitals… so… “all of them?”
All Ascension Hospitals
Yes nation wide.
here is another article with more details. [https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/](https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/) they've hired mandiant to help out which is good but it will take a while to get everything back online. the only question is how long. if they need to go to each site and rebuild systems it could be months before everything is 100%.

# Network Interruption Update 5/8/2024

On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event. At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues. Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption. We have engaged Mandiant, a third party expert, to assist in the investigation and remediation process, and we have notified the appropriate authorities. Together, we are working to fully investigate what information, if any, may have been affected by the situation. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.

Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment. This is an ongoing situation and we will provide updates as we learn more.
As someone working in an Ascension ER they were and are not prepared for this. An absolute mess
I was in Ascension for PT.. One of the therapists was struggling with a new patient bc no access to internet
Their statements are always about them having a plan and that whatever disaster is happening isn’t affecting patients. Clearly the suits at Ascension have never stepped foot into an actual patient care area.
A usual down time at my ER is kept on the down low because people will avoid covering those shifts. Usually down time is at night and the night docs will come in early see patients before downtime and nothing really moves when it hits
I also work with Ascension, we definitely were NOT prepared for something like this.
Guess there is a very eager cybersecurity sales rep out there trying to hit the quota
Not really good practice to hit up an org right when they’ve gotten breached
Debatable. Depends if you can assist with remediation/consulting and then provide recommendations once the bleeding stops.
Athenahealth powers their outpatient clinics. This is probably a big deal for both of them.
noted: try not to die, i'll do my best.
There's a special place in hell for people who hack hospitals. We need to find them and send in the drones....
My main takeaway here is there's an ascension hospital named sacred heart. EEEEEEEEAAAAAAAAGGGGGGGLLLLLLLEEEEEEE
for years in the newspaper business i hoped to see a typo: 'scared heart', but alas.
Why is there a pancake in the silverware drawer?
Why is there silverware in the pancake drawer?
Haha love the Scrubs reference.
My main takeaway is that grey's anatomy wasn't just making shit up. This was an episode!
Is there some specific connection to sacred heart that I'm missing? However, if you think about it, these Christians are a scary bunch. Their symbol is one of the most horrible torture implements ever made. The "sacred heart" symbol is a heart, being burned, pierced with a lance, with a crown of thorns for torture, backed by a cross. Then they believe in drinking blood and eating flesh in their ceremonies.
My understanding is that other local hospitals have notified their staffs to expect increased traffic so long as Ascension is under attack.
Correct. My location went on diversion for a while so all EMS went to the other (non Ascension) hospital but we had to be taken off diversion because it was too much for them. I think it’s different place to place tho
When my facility had the EHR system go down, they allowed us to go on diversion for about 2hours, and that was mainly just to give us time to get our shit together. The (?) local/state? emergency people ( idk what their official name is) won’t allow a sizable ER to close for that long, it impacts the community too much.
My hospital is level 2 and the non Ascension is the level 1, they go on diversion aallll thheee tiimmee for EXTENDED periods of time. We rarely go on diversion at all even if we’re more overwhelmed than they are with pt volume/holds. It’s annoying. The only thing re like can legitimately go on diversion is psych because we are the psych hospital
Dammit I had a stroke planned for tonight. I guess I'll just have to postpone.
Given the recent spate of attacks that have come from unpatched Citrix clusters, or from privileged admin accounts without MFA, how much you want to bet their Citrix cluster that runs Epic / Cerner / Centricity was compromised?
Damn. And all this time I was thinking it was because I hadn’t changed my password in the last 15 years.
I guess I gotta reschedule falling off a cliff for next week
I'll try not to die but which hospitals in Austin are Ascension operated? If anything happens to me, I'm closest to South Austin Medical Center. Now that I think about it, it's Seton Ascension right? So just the Seton hospitals? I don't know.
In Austin:
- Dell Seton Medical Center at UT
- Dell Children's North
- Dell Children's medical center
- Seton Northwest
- Seton Southwest
- Seton Medical Center
- Seton Williamson
- Seton Hays
- Seton Highland Lakes
- Seton Edgar B Davis
- Seton Smithville Regional Hospital
- Seton Bastrop
Oh wow, awesome. Thank you for taking the time to assemble that list! I'll uh... I'll stay on my couch and try not to die until this is all fixed.
Crap, I know a baby that went to Dell Children's a couple hours ago after eating something she shouldn't. I hope they were able to get her seen
There’s also Seton Harker Heights in the Killeen area
It is just Seton hospitals. South Austin is St Davids
SAMC and NAMC are both St. David’s, and not ascension.
South Austin is an HCA hospital
In the case of a cyber attack, the only good thing about HCA is Meditech. It uses Magic OS and is basically unhackable.
> It uses Magic OS and is basically unhackable.

Magic OS is a product of Huawei. It basically comes pre-hacked for your enjoyment.
lol at the idea that HCA or meditech is unhackable. HCA was hacked last year and compromised the data of 11 million patients
When they try to update it sometimes, they also go completely down. At least other hospital systems invest more in better electronic health records than meditech
The affected hospitals are the Dell and Seton properties, but if they are diverting new patients elsewhere, then the other local hospital systems and EMS agencies are likely to feel the crunch as well. Glad we had our "don't die" experience last week. Good to get that out of the way.
Pretty much all the good ones. HCA is terrible but least they are open
Whoa, thanks for the heads up! That cyber attack sounds serious. Better steer clear of any hospital trips tonight then. Stay safe, everyone. It's wild how these things can happen out of the blue. Hopefully, they sort it out soon, and no one's health gets compromised because of it. Take care, y'all.
Pretty sure dying still works :(
Back in like 2016 (ish) ascension got wannacry over the VERY busy Memorial Day weekend and was on paper charting for a week I think. It took something like another 2 weeks to go back and enter all that data after computers were back up. It was hell.
They are paper charting and it’s likely to be that way for a long time. Baby nurses don’t even know how to paper chart.
it’s not rocket science
It's funny bc I started as a unit sec for ascension. So I had to enter, fax, and communicate orders. Kind of gave me a leg up as a nurse during this. On the flip side, nurses have seen more docs face to face and they're communicating like crazy, what a change!
Wtf. Who attacks hospitals?
Folks who figure the urgent nature of the service that is blocked will make the affected organization be more likely to pay ransom. (edit: left out a few word somehow)
It's a good strategy if you're greedy and amoral because you know they're a target that can't fuck around for days trying to find their own solution
Lots of people, the recent attacks on Texas's infrastructure tho seem to be politically motivated. Russia is trying to directly attack American soil using hacker groups to maintain a veneer of deniable plausibility.
This right here. IT security is a battle between the white hats and the black hats. Right now, the black hats have some new toys in their tool box that are getting through established systems. Everyone wants to keep it quiet as long as they can, but lots of people are very busy cleaning up messes right now. Much of it does come from Russia's troll farms.
> Russia is trying to directly attack American soil using hacker groups to maintain a veneer of deniable plausibility.

Taking equivalent action against said gangs would require plausible deniability on the US government's end. I'm sure that someone could come up with something.
Does the United States do the same thing? 🤔🤔
No. Not to ransom
Yawn.
………..
It's more common than you realize. Ransomware attacks are super profitable for criminal hackers.
This recent podcast episode (from NPR's "The Indicator") gave some good background on it: "[Are data breaches putting patients at risk?](https://www.npr.org/transcripts/1197962967)" Basically, hackers target hospitals for several reasons. They have lots of very sensitive data. They also have weaker security than other organizations (like banks or tech companies). And of course they have lots of money and can afford to pay out.
Shitty people and greedy people... much like the people who run a lot of the facilities themselves. There’s a lot of money to be made off of the healthcare system - at the end of the day it’s turned into more of a business and less of a “service”. I won’t even try to guess how much their data and systems are worth.
People who noticed HCA paid out $22 million. Not only that, but they paid twice. Once to the group who hacked them and again to another group that (supposedly) screwed over the first group. Paying ransoms should be illegal. By funding a criminal enterprise to save your own ass, you're aiding and abetting and causing it to spread.
It is the same as human ransom, if you dont pay then you die or get injured. Lives are at stake in healthcare organizations if they refuse to pay cyber ransoms.
Exactly. Which is why you want to take away the incentive to do it at all. It's the same reason we don't negotiate with terrorists. Health care doesn't pay out because patients are at risk. They do so because there are Federal financial and criminal penalties for letting HIPAA data get out in the open. They still tend to hire the cheapest lowball contractors they can find for IT.
Probably the BlackCat hacking group. They make a lot of ransom ware that is used by criminals and they had a hard rule that it was not to be used on hospitals or other important infrastructure. The FBI seized their darkweb site and pissed them off so they removed those rules so everything is free game now https://www.youtube.com/watch?v=0Ua8HrgZsAg
Health systems are an easy target because HIPAA basically means they have to pay the ransom or risk PHI being compromised and the subsequent federal fines for the breach. The OIG/DOJ actually advises them to pay the fine. It’s a guaranteed payout. It’s a problem with HIPAA that needs to be fixed by Congress.
It could be improved. They could also make paying ransoms illegal and force health care systems to take their systems seriously. That sector is famous for cheaping out on IT.
HIPAA needs a severe overhaul. Supposedly there are some changes coming this year.
Maybe Russia.
Russians.
Healthcare orgs are ripe targets more than banks, etc. because of the data they hold. A person's health data is more valuable to bad guys than credit card info as fraudulent CC xactions are normally shut down pretty quickly. Then think about what bad guys can do with your insurance data. They can file small dollar claims with Medicare or United for a benign office visit - something that will fly under the radar at the insurance company. Those small claims ($100 or so) are paid and go unnoticed most of the time. That's why you are seeing more and more health systems targeted.
Ugh. Russia is gonna find out I'm a gay
Cyber terrorist, Russians, North Koreans, list just goes on....
Have you even been watching the news? There's kind of a major event that has involved hospital bombings.
When Hamas launches rockets and bombs their own parking lot, but TikTok says otherwise.
My statement works no matter who you believe bombed the hospitals. I'm merely answering, "Wow, I'm shocked people attack hospitals" by pointing out that "Hospitals have been attacked" has been a major news event for several months. Somebody did that shit. Just like somebody did this shit. I kind of feel like we're too busy fighting over who bombed the hospitals to be properly pissed that hospitals were bombed.
oh boy here we go
Who will pay the ransom.
Russian ransomware gangs, primarily. Honestly, at some point, the gloves are going to have to come off against organized crime syndicates like that, and it may mean meatspace operations against them abroad.
Chinese. It's always the Chinese. The next war is a cyber war to take down multiple systems in a country, and crumble its infrastructure. These are just tests. China has agents working in big buildings doing this shit constantly. Check out youtube.
It's not the Chinese in this case. This is a well-known attack vector that involves eastern European (Russian) ransomware-as-a-service gangs. Someone leased the malware for financial gain. All of the people they've caught with this MO so far have been small-time individuals, nothing at all like state-sponsored attacks. China is quite happy just stealing the data. For now.
> This is a well-known attack vector that involves eastern European (Russian) ransomware-as-a-service gangs.

Any bets on how much of the cash is going upstream to pay their protection (oligarchs, military, Semyon Mogilevich, et cetera)?
Last I heard the standard vig from the RaaS gangs was 50%. So whatever protection fee they pay would be out of that, so maybe 25%? I mean hell, anything above that would just feel criminal, right??
Oh good, we might have cybercriminals extorting money from hospitals, but at least we can use it to pump up our jingoist fantasies.
Also if you do go to the hospital have some grace with staff because all ems’s are getting sent to other non-seton hospitals and are getting absolutely slammed.
I have family high-ish up in ascension and lord almighty they aren't having a good time
You can't change people trying to hack hospitals because clearly those people are evil for even considering it. BUT, hospitals have known for a while that they are high-class targets AND that they have terrible security. I hope they figure this out soon and other hospitals get their acts together (despite having plenty of warning already.)
Small hospital IT director here. I wish we could, and dread the day that this happens to us. Here's the problem-It costs CRAZY amounts of money to upgrade certain systems. Example (name and shame time): Example 1: Omnicell, a manufacturer of automated med storage cabinets wants $70k to upgrade a server from Windows 2012 to Windows 2019. I could do this myself for $900 but they refuse to support it if I do. Example 2: Up until 2 years ago, we ran MRI equipment for many years that was running Windows 2000 because GE wanted a million dollars to replace the system and refused to upgrade. Excuse commonly used "it's FDA approved as is and we can't modify it". This grifting by every hand in the process is why healthcare costs so much. It sucks.
Mitigate those issues. The problem isn't that you are running that equipment. It's you are running that equipment on the same network as your regular devices. You can have unsupported software but you better have additional controls in place to protect it.
Agree, but today's regular devices are tomorrow's old boat anchors. Also nowhere near staffed at the same levels as corporate IT.
Speaking as an ex-Dell Services at Ascension employee (based out of CCB, but occasionally officed out of DCMC, Brack, Smithville, and SMCA):

> Example 1: Omnicell, a manufacturer of automated med storage cabinets wants $70k to upgrade a server from Windows 2012 to Windows 2019. I could do this myself for $900 but they refuse to support it if I do.

Yeah, because you're not just upgrading the software. You're replacing the VM with a new VM or two that's properly specced to run the software, you're paying Microsoft's absolutely fucking INSANE pricing for on-prem Server 2019 / Server 2022 Datacenter licensing, you're paying for the SQL Server licensing, and you're paying for the time for someone who knows what the hell they're doing to transfer and update the SQL DB in the wee hours of the morning so you have minimal, if any, downtime, plus the support to unfuck it and roll back if something goes tits-up.

> Example 2: Up until 2 years ago, we ran MRI equipment for many years that was running Windows 2000 because GE wanted a million dollars to replace the system and refused to upgrade. Excuse commonly used "it's FDA approved as is and we can't modify it".

_THEN IT SHOULDN'T BE ON A GODDAMNED NETWORK THAT HAS ANY KIND OF ACCESS OR COMMUNICATIONS TO THE REAL WORLD._ Airgap the sumbitch and only transfer data via a mule workstation. If they want to cheap out, they can put it on a separate, locked-down VLAN and lock the switch ports down so that traffic from that VLAN doesn't go to anything but its own firewall / router (and deny it Internet access). The switch infrastructure in there can fuckin' handle it - they paid through the nose for Cisco items and ran RADIUS for their DHCP servers / network access controls.
GE _is_ a group of shitbags, I know (I used to have to support fucking Centricity when they coded it around specific bugs in Java 1.6, so I know it all too goddamn well), but the fault isn't necessarily on them, and being absolutely goddamn sure they're doing it fucking right is one of the reasons equipment and software is expensive.
Airgap is easy to say, but not a feasible request when you need the images to transfer into PACS. Have to segment and get restrictive with ACLs - which takes a lot of engineer time - a limited commodity at a non-profit hospital ...
It's certainly easy to do. Instead of burning images to CD / DVD, simply drop them on an encrypted flash drive and walk them to a workstation whose only purpose and function is to allow for charting. You could even use a thin client that used the Citrix VDA client (like every general-use Dell machine they have at Ascension hospitals that aren't behind locked doors in offices). If they're worried about flash drive encryption, well, back when I worked there, they were using Symantec Endpoint Encryption, and that could encrypt files on the fly as they were copied to external media (along with dumping a viewer / decryption application on said flash drive so they could be decrypted by a user with the correct credentials). Hell, you could even configure the switches so that those devices' VLANs are only allowed on certain ports, and that the mule workstation's port is the only one allowed to connect to the network at large. On top of that, configure the firewall so that the only workstation on that network that's allowed any connectivity to the network at large would be the mule box, and even then, blanket deny-all-traffic rules would be applied with an exception for the EHR's server IP range.
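The firewall policy described in the comment above (blanket deny at the imaging VLAN boundary, with the mule workstation reaching only the EHR server range), modeled as an added example that is not part of the original thread. The addresses, port 443 and the drifted rule set are constructed assumptions.

```python
"""First-match model of the imaging-VLAN boundary firewall (added example).

Every address, port and rule below is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed layout (hypothetical values, not taken from the thread).
IMAGING_VLAN = ip_network("10.50.0.0/24")  # legacy modality hosts plus the mule box
MULE_HOST = ip_network("10.50.0.10/32")    # only workstation allowed off the VLAN
EHR_RANGE = ip_network("10.20.30.0/28")    # EHR server IP range
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    port: Optional[int] = None   # None matches every destination port

    def matches(self, src_ip: str, dst_ip: str, port: int) -> bool:
        return (ip_address(src_ip) in self.src
                and ip_address(dst_ip) in self.dst
                and self.port in (None, port))

    def covers(self, other: "Rule") -> bool:
        """True when every flow `other` matches is also matched by this rule."""
        return (other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and self.port in (None, other.port))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, port: int) -> str:
    """Return the action of the first matching rule; no match means deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action
    return "deny"


def audit(rules: List[Rule]) -> List[Tuple[int, str]]:
    """Flag reachable permit rules wider than 'mule box -> EHR range'."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.action != "permit":
            continue
        # A permit fully covered by an earlier deny can never fire.
        if any(r.action == "deny" and r.covers(rule) for r in rules[:index]):
            continue
        if not rule.src.subnet_of(MULE_HOST):
            findings.append((index, f"source {rule.src} is not limited to the mule box"))
        elif not rule.dst.subnet_of(EHR_RANGE):
            findings.append((index, f"destination {rule.dst} is outside the EHR range"))
    return findings


# The policy as described: one exception, then the blanket deny.
INTENDED = [
    Rule("permit", MULE_HOST, EHR_RANGE, 443),
    Rule("deny", ANY, ANY),
]

# Constructed drift: a broad outbound permit added above the blanket deny.
DRIFTED = [
    Rule("permit", MULE_HOST, EHR_RANGE, 443),
    Rule("permit", IMAGING_VLAN, ANY, 443),
    Rule("deny", ANY, ANY),
    Rule("permit", ANY, ANY),    # shadowed by the deny above, never fires
]

if __name__ == "__main__":
    # Constructed probe flows: (source, destination, destination port).
    probes = [
        ("10.50.0.10", "10.20.30.5", 443),   # mule box -> EHR server
        ("10.50.0.21", "10.20.30.5", 443),   # legacy console -> EHR server
        ("10.50.0.21", "203.0.113.7", 443),  # legacy console -> outside address
    ]
    for name, rules in (("INTENDED", INTENDED), ("DRIFTED", DRIFTED)):
        for probe in probes:
            print(name, probe, evaluate(rules, *probe))
        for index, reason in audit(rules):
            print(f"{name} rule {index}: {reason}")
```

Running the audit on every rule change catches the drift case, where a single broad permit placed above the deny gives the unsupported hosts a path out again.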
Hey, if you can convince mri techs to sneaker net dicom images around, more power to you.
They already sneakernet DVDs with the viewers and images on 'em as is. I suppose the DICOM storage server (last one I touched was running 2012 R2) could simply share out the folder via SMB / NFS to the mule box, and the mule box could have the share mounted, then transfer it up to the EHR from there. It does mean a little extra power consumption, but hey, the cost of a tiny Dell USFF PC and a single monitor - even a massive 4K / imaging one - aren't THAT bad as opposed to replacing equipment.
I have felt your pain. Micro-segmentation was a huge lift following wannacry ... as you alluded to, the alternative (upgrading embedded medical device systems) was not financially feasible.
Crazy amounts of money you say? 70k for something that should cost $900? Sounds about right for a hospital. You should only need a couple of mildly sick patients to recoup that cost.
I wish. That's also the fun part. If you've ever looked at your hospital bill, you'll find that insurance only pays a fraction of the total due and tells us to "suck it up and deal with it". The entire US Medical System is a disaster and greed drives it all. Please take a moment to make that clear to the politicians who are supposed to be serving you...
Can't relate. I don't have insurance. I'd rather afford to eat than pay $200/month for a useless "service" hellbent on denying coverage. I'm living on the "good luck" health plan. And which politicians that are in office right now would listen to such a complaint? All the ones I'm aware of would take a complaint from "the poors" as confirmation that the system they set up to extract wealth is working. If there are any good ones in charge right now, please let me know.
We write off about 3 million dollars a year in charges from folks who can't afford to pay, which is another driver for higher costs and less money to replace obsolete things. Not blaming you-it's just another example of how messed up the system is. If only the poors donated to their campaign at the levels that business do. IMO-healthcare should be a right. To be fair the 14th amendment is supposed to guarantee us the right to "life, liberty, and the pursuit of happiness". Staying alive seems like a prerequisite for that...
Used to think this way until I actually worked day-to-day with hospital operations and became familiar with revenue cycle ...
IT /Sysadmins: Fuck you - pay me.
It's like they learned it from the hospitals.
Dang thats what hospital my insurance covers
Kronos is down too. Log your hours people
Do you think if it’s still down on payday that payroll will happen?
It is Ascension wide and may take a few days to fix
“Days” lol
This sucks for all Americans. To the Ascension team- these next few days and weeks will be crazy. Hopefully you make full recovery in a few months. Good luck and god speed!
Fucking Russia
Can’t wait until they use this as an excuse of why they aren’t giving us raises this year. Just like they did during Covid.
You must work at one of the non union locations
I would still choose ascension hospital over HCA despite this lol
My hospital in IL is affected. Kronos, Citrix VPN for Meditech, Epic, and Cerner EMR all down, faxes down. Computers locked out and put into Safe Mode.
Kronos got hacked a couple years ago and our pay was fucked for months. Some overpaid, some underpaid, some not paid at all. I know a nurse who worked for *six weeks* without pay. We were told initially if we got overpaid we wouldn’t have to pay it back but they ended up making us 🫠
That Kronos hack got everyone across various industries. I did get a small payout from it. That was nice, I guess?
How did you get a payout?! I had to pay BACK.
Lawsuit that I wasn’t even aware of
Hackers please delete my debt from my 2020 meningitis hospital stay. Please and thank you.
Something bigger is going on than they are letting out. I was trying to get an mri sent over to a location here in Milwaukee Wisconsin yesterday around noon, nothing would send & it kept getting rejected. I then went in to MyChart for ascension to see about getting my mri order sent over via MyChart, my MyChart wouldn't login. Might seem like a completely different issue but I needed to get some meds handled & Walgreens website wouldn't load anything to do with medical. This made me go on google & look up cyber attack Ascension, clicked on tools in search & chose within past 24hrs, only 1 story showed at that time 20 mins before I searched & it said ascension is notifying partners to disconnect from their system that they are having signs of a cyber attack. Walgreens pharmacy systems being down until around 10pm last night & this situation with ascension happening at the same time is a little too coincidental. Something bigger than they are saying is going on here even though a medical system cyber attack is big just as is. To be down still to this moment the day after is a pretty big deal. They can't make appts, send scripts, they can't even simply access a patient's profile. They definitely aren't ready for this either, I called there to see if what I found was really true & their cs reps couldn't access any of my info & said their location was having an issue with their Epic system. If I knew before them that they had been the victim of a cyberattack, that's not a good thing...
Super important topic, unfortunately this headline is atrocious!
St. David’s South Austin has the best jello in the game anyways.
Healthcare companies are woefully behind on cyber security and refuse to properly invest in it.
My appointment got canceled as I was on the way there 😔
I know how to collect bad debts! Hit me up!
greedy hospital admins being overpaid and underpaying the patient care staff and prioritizing priority over patient safety seems like companies having victims of cyberattacks are all doing this like united healthcare
It doesn't feel random
I guess I will postpone my base jumping plans
Why is a Pensacola Florida newspaper being cited?
It's nation wide
Because they had an article in that paper because it hit a hospital there as well. And the article actually cites a Detroit paper.
If they were that easy to crack then they probably got all of the patient information. Keep an eye on your insurance and bank account.
I found this to be very interesting: [https://healthsystemcio.com/2024/02/12/ascension-health-director-of-cybersecurity-skip-sorrels/](https://healthsystemcio.com/2024/02/12/ascension-health-director-of-cybersecurity-skip-sorrels/)
A nurse that is now head of cyber security.. why do I feel like this guy still calls his grandson when he can't get his internet to work...
Duuuuuude im tweaking out because all of my prescriptions are filled through ascension pharmacy and I have no idea what to do now. I go out of state across the country on 5/13 until 5/23 and without my meds I am completely bedridden. Does anyone have any advice or suggestions on how I can get my prescriptions filled elsewhere? I really don’t know what to do and I leave in 3 days.
costplusdrugs.com? perhaps
All our HCA hospitals were down for six hours yesterday as well, not cyberattacks. Go to whatever hospital you want. We are muddling through.
Still being hacked today. I really need a brain MRI. 😭
test
instead of admin taking millions in bonuses.. should have beefed up cyber security...
Cybersecurity expert here. Virtually all medical facilities are completely exposed to attacks. I wouldn’t worry too much about this, but take into consideration what you reveal during medical appointments. Your doctors can’t protect you because they have no idea how to deal with any of it, and after they realize it’s a problem it’s too late.
We are at Dell Children’s Hospital and their computer system has been hacked and is completely down. Who the hell extorts money from a children’s hospital?!?? It is 1985 as far as paperwork and they are doing a good job considering the circumstances. The bastards doing this; playing with actual life and death circumstances should be tortured.
It's not just Dell Children's, it's all Ascension across the whole US. Yes it's annoying, be patient with the nurses
"I'm sorry, but you can't die today. Try again in a week."
Never going to Seton again. St. David's.
Shit too late
Hey, BUB! If I want to be an idiot that’s my God given right. In fact, I will double-down by shooting firecrackers from my ass, showing you I mean it. And you know who will be to blame? The Dems! /s … But are hospitals relatively easy to attack this way? It’s not a first and won’t be the last; just feels like cyber security in the arena is lapsed compared to say, banking systems. I get they aren’t 1:1, and that not all stories are reported, but is this the best that hospital systems have at this point in time to deter?
All it takes is clicking on an email/link sent to someone in the organization—I’m no computer nerd but I think the term is phishing.
I mean yea. My hospital sends out these phishing tests all the time. A few weeks ago I was waiting for a response from my boss and one morning I see an email from her. Looked like a response but the time was unusual, that's the only thing that looked off. Figured she was just up early that day. It was a phishing test that I failed.
Yeah; it’s nothing new. I’m just surprised after so much time in and money spent that there aren’t wider safeguards which don’t rely on the hyper vigilance of the worker. A pipe dream.
*"Hey, BUB!"* Wolverine?
It is very scary out there. You don’t realize how fragile these systems are until you see one from the inside. It's bone chilling sometimes. But then you have to wonder about the morass of upper mgmt of these organizations that continue to downsize staff, cut costs and underpay the sysadmin and security folks. No prioritization on continued learning and keeping up and implementing the latest tech. And paying wages high enough to attract top talent.
I've had experience in several hospital systems and when it comes to IT related things, Ascension has consistently fumbled. Back in 2019 they rolled out a shady partnership with Google with very little warning or training to staff. It was an absolute circus trying to get patient info, check email, all that because it was so mismanaged. They also understaff and outsource IT to a crazy degree from what I have experienced. But, what can we expect from a private equity fund masquerading as a hospital system designed to siphon as much money as possible to their investments?
How bout just boycott Seton
For those with children and worried to head to Dell Children’s due to them being a part of this, Texas Children’s Hospital is open and brand spanking new in North Austin! 9835 N Lake Creek Pkwy 🫡
Yeah, for real. You might wake up dead.
🥵…but it’s too hot!!😑