UMC Health System hit with IT outage linked to ransomware

UMC has been able to keep its ER open, but other services have been disrupted.

Jeff Lagasse, Editor

Photo: Andrew Brookes/Getty Images

University Medical Center (UMC) Health System in Lubbock, Texas, is facing a significant disruption following a large IT outage, part of a ransomware attack that has impacted its ability to deliver care and conduct routine operations. 

The ransomware incident, which UMC confirmed began on September 20, has affected various aspects of the system's day-to-day operations, including electronic health records, billing and other health data management tools.

As of now, UMC has been able to keep its emergency department open, but other services have been disrupted as the IT team works to restore functionality. An investigation into the incident is still ongoing.

UMC has assured the public that no surgeries or urgent medical procedures have been canceled. However, many nonemergency services, including outpatient appointments, have been either postponed or rerouted to nearby facilities.

Patients have been informed that the health system is relying on paper charting to continue providing care in the interim.

WHAT'S THE IMPACT?

From a financial perspective, UMC's billing systems are also down, which will likely cause delays in insurance claims processing and patient billing, the system said, though it stopped short of providing specific details on the financial implications of the outage.

"When healthcare institutions – especially those providing essential services to large regions – are targeted, the consequences go beyond financial loss," said Emily Phelps, vice president of cybersecurity automation firm Cyware. "Ransomware not only cripples operations but endangers lives, as seen when vital emergency services are forced to divert patients. We must move beyond reactive strategies."

UMC emphasized that IT staff are working "around the clock" to investigate the cause and restore affected systems. It added that while EHR access is currently unavailable, patient data remains intact, and there is no indication that data has been compromised.

Nevertheless, the prolonged downtime is expected to affect workflows, making it difficult for providers to access patient histories, drug interaction records and other information.

"Unfortunately, down time is just as damaging to data disclosure, putting the victim here in a very tough spot," said former National Security Agency cybersecurity expert Evan Dornbush. "The economics of ransomware currently favor the attacker. As long as it is more expensive to be a defender, stories like this will continue to line our newsfeeds."

The hospital has urged patients with immediate medical needs to proceed to the emergency department, which remains operational. However, UMC has acknowledged the limitations imposed by the lack of access to real-time patient data, saying the return to normalcy could take some time.

THE LARGER TREND

Among the biggest breaches this year was the Change Healthcare cyberattack, which is expected to cost UnitedHealth Group $1 billion to $1.5 billion this year, according to CFO John Rex. UHG paid $22 million to recover access to data and systems encrypted by the Blackcat ransomware gang.

The February 21 cyberattack disconnected Change from claims payments for hospitals and physician practices, disrupting provider revenue and financial stability to the point of potential bankruptcy for some practices, according to an American Medical Association survey.

And Ascension confirmed in May that it experienced an attack that disrupted patient care in its network. Ascension gave no further information on the ransomware amount or whether personal health information was compromised in the cyberattack. A similar attack hit Ardent Health Services in 2023.

A KnowBe4 report from earlier this year showed the global healthcare sector experienced 1,613 cyberattacks per week in the first three quarters of 2023, nearly four times the global average, and a significant increase from the same period the previous year.

This surge has contributed to a steep rise in cyberattack costs for healthcare organizations, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks.

Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.

The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C.

Jeff Lagasse is editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.