Ransomware attacks have become one of the biggest threats to cybersecurity for industries around the world, but none has the kind of potential for harm as attacks on hospitals, as they can lead to delay in patient care, compromised protected health information and canceled procedures, NBC News reported Nov. 7.
Chicago-based CommonSpirit fell victim to a ransomware attack in October that led to several of its affiliated hospitals shutting down some IT systems, including its EHR systems.
This attack caused a ripple effect for patients of some CommonSpirit facilities, who had surgeries canceled and medications mixed up while computer systems were down.
One individual said when she took her 3-year-old son to MercyOne Des Moines Medical Center after he experienced dehydration and pain after his tonsil surgery, he was given "five times" the prescribed dose of pain medication, because the computer system that automatically calculates medicine doses was down due to the attack.
"Because of the cyberattack, my son was overdosed on pain medicine," Kelley Parsi, parent of the 3-year-old boy, told NBC News.
MercyOne declined to comment to NBC News about Ms. Parsi's situation, citing patient confidentiality, but said that it was "committed to providing safe, quality care for all patients we serve in their time of need." Ms. Parsi told NBC News her son made a full recovery.
MercyOne, an affilate of Trinity Health, still has some of its IT systems provided by CommonSpirit. Although the health system is no longer affilated with CommonSpirit, it was still affected by the ransomware attack due to the shared systems.
Another patient, Rachel Cupples, found out her ovarian cyst surgery at a CommonSpirit affiliate could not be scheduled due to the ransomware attack.
"I called and found out that all their systems were down and that they couldn't schedule or do anything," Ms. Cupples told NBC News.
CommonSpirit Health has since brought its scheduling systems back online and Ms. Cupples had successful surgery.
Both Ms. Parsi and Ms. Cupples said they don't blame the hospitals for the delay in patient care, just the hackers.
"It wasn't the doctors. It wasn't the medical receptionist or any of those folks," Ms. Cupples said. "They really did their best."