Last month, a ransomware attack forced the University Medical Center (UMC) Health System, a major healthcare provider in Texas, to divert some patients to other facilities.
The attack occurred a few weeks ago and caused an IT outage that affected the system’s operations.
Despite remaining open, UMC had to divert emergency and non-emergency cases due to the disruption.
The healthcare provider confirmed that the IT outage resulted from a ransomware attack. However, the specific group responsible remains unknown.
UMC operates a network of 30 clinics across West Texas and Eastern New Mexico, serving approximately 400,000 patients annually.
As the only Level 1 Trauma Center within a 400-mile radius, UMC is crucial in providing urgent surgical care to the region.
While the hospital is taking steps to mitigate the impact of the ransomware attack, some departments, such as radiology, remained closed or experienced significant delays in services.
Impact on Patients
The attack caused disruptions in IT systems, leading to delays in appointments, diagnostic tests, and procedures.
Some patients were forced to be diverted to other healthcare facilities, which caused inconvenience and additional stress.
Apart from disruptions in care and delays in services, the attack raised concerns about data privacy.
If patient data has been compromised during the attack, it may lead to identity theft, financial fraud, and other potential harm to already troubled patients.
“When hospitals are attacked, lives are threatened.
When you have the only level 1 trauma centre in the region shut down, ambulances on diversion, and the next level 1 trauma centre hundreds of miles away, you are putting people’s lives in jeopardy.”
–John Riggi, National advisor for cybersecurity and risk at the American Hospital Association
How is UMC handling the attack?
UMC Health System made significant progress to restore services within a week of the attack.
Emergency Centers, Urgent Care Clinics, and Physicians Clinics re-opened, and ambulances were being accepted at the Emergency Center.
However, as a precautionary measure, the Emergency Center is still diverting a limited number of patients until all UMC resources become fully operational.
UMC’s investigation into the ransomware incident is ongoing, and it remains uncertain whether any patient data has been compromised.
Yesterday, two weeks after the attack, UMC announced the restoration of the electronic health record system across all its locations.
The health system previously experienced a data breach in January, affecting 127,000 individuals.
Implications for the Healthcare Industry
The attack has underscored the urgent need for enhanced cybersecurity measures in the healthcare industry.
Not just in the US, health systems across the globe are being targeted. Recently India’s largest insurer, Star Health faced a data leak which made sensitive data of 3.1 crore patients publicly available on Telegram.
Ransomware attacks have become increasingly sophisticated and targeted, posing a significant threat to patient data and the continuity of care.
Healthcare organisations must invest in robust security infrastructure, implement regular security assessments, and train staff on best practices to mitigate the risks of such attacks.
In addition to the immediate impact on patient care, ransomware attacks can have long-term financial consequences. The costs associated with data breaches, system restoration, and legal expenses can be substantial.
As the healthcare industry continues to evolve, organisations must prioritise cybersecurity as a fundamental component of their overall risk management strategy.
By adopting proactive measures to protect patient data and ensure the resilience of their IT systems, healthcare providers can mitigate the risks of ransomware attacks and safeguard the well-being of their patients.
By Rohini Kundu and the AHT Team