Cyberattack forces major US health care network to divert ambulances from hospitals

(CNN) — A major US health care system said Thursday that it is diverting ambulances from “several” of its hospitals following a cyberattack this week.

The cyberattack on Ascension, a St. Louis-based nonprofit network that includes 140 hospitals in 19 states, is also disrupting access to electronic health records, some phone systems and “various systems utilized to order certain tests, procedures and medications,” Ascension said in a statement distributed Thursday evening.

The sprawling health care network, which also owns 40 senior living facilities, said that it would be using “downtime procedure for some time,” because of the cyberattack. Downtime procedures are typically when health providers revert to backup processes, including paper records, that allow them to care for patients when computers are down.

News of the hack broke on Wednesday, and Ascension has in the last 24 hours followed a familiar playbook for many American organizations that have been assaulted by cybercriminals. Ascension has notified federal authorities of the incident, hired prominent US cybersecurity firm Mandiant to recover from the incident and shut down systems to try to keep the incident under control.

“We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained,” Ascension said in its statement Thursday evening.

It was not clear how many Ascension hospitals were sending ambulances to other locations because of the cyberattack. An Ascension spokesperson did not immediately respond to a request for comment on the matter.

It’s only the latest major hacking incident that has hobbled a big US health care network and sent US officials scrambling to offer support.

A February ransomware attack on Change Healthcare, a subsidiary of health care giant UnitedHealth Group, caused billing disruptions at pharmacies across the US and threatened to put some health providers out of business. A third of Americans may have had their personal data swept up in the hack, UnitedHealth CEO Andrew Witty estimated in testimony to Congress this month. UnitedHealth paid a $22 million ransom to the cybercriminals to try to protect patient data, Witty said.

That Change Healthcare hack incensed US lawmakers and prompted questions across the federal government about the vulnerability of America’s health care system to disruptive cyberattacks with cascading impacts — questions that the cyberattack on Ascension will do nothing to assuage.