Topics
Reimbursement
J&J backs down from its planned 340B rebate model
J&J backs down from its planned 340B rebate model
Revenue Cycle Management
Claims denials on the rise, complicating revenue collection, survey finds
Survey: Claims denials on the rise
Strategic Planning
Walgreens considering selling all of its VillageMD business
Walgreens considering selling all of its VillageMD business
Capital Finance
Risant Health to invest $1 billion in Cone Health
Risant Health to invest $1 billion in Cone Health
Supply Chain
FDA tells providers to prepare for supply chain disruptions
FDA to providers: Prepare for supply chain disruptions
Accounting & Financial Management
Advocate Health forgives medical debt linked to real estate liens
Advocate Health forgives medical debt linked to real estate liens
Budgeting
Insurers likely to pay $1.1 billion in rebates this fall
Insurers likely to pay $1.1 billion in rebates this fall
Quality and Safety
Free COVID-19 tests are now available
Free COVID-19 tests are now available
Billing and Collections
CMS reports over 12,000 No Surprises Act violations 
CMS reports over 12,000 No Surprises Act violations 
Claims Processing
Johns Hopkins Health Plans announces multi-payer portal
Johns Hopkins Health Plans announces multi-payer portal
Workforce
Feds grant $100 million to grow healthcare workforce
Feds grant $100M to grow healthcare workforce
Operations
UMC Health System hit with IT outage linked to ransomware
UMC Health System hit with IT outage linked to ransomware
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Christus Health to see $25 million expansion at Texas hospital
Christus to see $25M expansion at Texas hospital
Compliance & Legal
Steward CEO steps down, sues Senate HELP Committee
Steward CEO steps down, sues Senate HELP Committee
Policy and Legislation
HHS investing $75 million in rural healthcare infrastructure
HHS investing $75 million in rural healthcare infrastructure
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
ACO REACH changes more negative than positive, says participant
ACO REACH changes not positive, says participant
Acute Care
AHA: Hospitals improve patient safety measures above pre-pandemic levels
AHA: Hospitals improve patient safety measures
Ambulatory Care
Walmart announces closing of clinics and virtual care
Walmart is closing clinics and virtual care
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
Mass General, Tampa General deepen affiliation to advance specialty care
Mass General, Tampa General team on advance specialty care
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
OIG recommends New York refund managed Medicaid payments
OIG recommends New York refund managed Medicaid payments
Patient Engagement
Patients see narrow networks in ACA marketplace plans, KFF finds
KFF: Patients see narrow networks in ACA marketplace plans
Pharmacy
HHS announces 54 drugs subject to rebates and lower coinsurance 
HHS announces 54 drugs subject to rebates
Population Health
Demand for age-friendly care soars as older population grows
Older population creating demand for age-friendly care
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Patients less likely to seek virtual behavioral care when paying out-of-pocket
Patients who pay cost-sharing less likely to seek virtual care
Mergers & Acquisitions
Cardinal Health to acquire Integrated Oncology Network for $1.1B
Cardinal Health to acquire Integrated Oncology Network for $1.1B
View more
Oct 01 More on Operations

UMC Health System hit with IT outage linked to ransomware

UMC has been able to keep its ER open, but other services have been disrupted.

Jeff Lagasse, Editor

Photo: Andrew Brookes/Getty Images

University Medical Center (UMC) Health System in Lubbock, Texas, is facing a significant disruption following a large IT outage, part of a ransomware attack that has impacted its ability to deliver care and conduct routine operations. 

The ransomware incident, which UMN confirmed began on September 20, has affected various aspects of the system's day-to-day operations, including electronic health records, billing and other health data management tools.

As of now, UMC has been able to keep its emergency department open, but other services have been disrupted as the IT team works to restore functionality. An investigation into the incident is still ongoing.

UMC has assured the public that no surgeries or urgent medical procedures have been canceled. However, many nonemergency services, including outpatient appointments, have been either postponed or rerouted to nearby facilities.

Patients have been informed that the health system is relying on paper charting to continue providing care in the interim.

WHAT'S THE IMPACT?

From a financial perspective, UMC's billing systems are also down, which will likely cause delays in insurance claims processing and patient billing, the system said, though it stopped short of providing specific details on the financial implications of the outage.

"When healthcare institutions – especially those providing essential services to large regions – are targeted, the consequences go beyond financial loss," said Emily Phelps, vice president of cybersecurity automation firm Cyware. "Ransomware not only cripples operations but endangers lives, as seen when vital emergency services are forced to divert patients. We must move beyond reactive strategies."

UMC emphasized that IT staff are working "around the clock" to investigate the cause and restore affected systems. It added that while EHR access is currently unavailable patient data remains intact, and there is no indication that data has been compromised.

Nevertheless, the prolonged downtime is expected to affect workflows, making it difficult for providers to access patient histories, drug interaction records and other information.

"Unfortunately, down time is just as damaging to data disclosure, putting the victim here in a very tough spot," said former National Security Agency cybersecurity expert Evan Dornbush. "The economics of ransomware currently favor the attacker. As long as it is more expensive to be a defender, stories like this will continue to line our newsfeeds."

The hospital has urged patients with immediate medical needs to proceed to the emergency department, which remains operational. However, UMC has acknowledged the limitations imposed by the lack of access to real-time patient data, saying the return to normalcy could take some time.

THE LARGER TREND

Among the biggest breaches this year was the Change Healthcare cyberattack, which is expected to cost UnitedHealth Group $1 billion to $1.5 billion this year, according to CFO John Rex. UHG paid $22 million to recover access to data and systems encrypted by the Blackcat ransomware gang.

The February 21 cyberattack disconnected Change from claims payments for hospitals and physician practices, disrupting provider revenue and financial stability to the point of potential bankruptcy for some practices, according to an American Medical Association survey.

And Ascension confirmed in May that it experienced an attack that disrupted patient care in its network. Ascension gave no further information on the ransomware amount or whether personal health information was compromised in the cyberattack. A similar attack hit Ardent Health Services in 2023.

A KnowBe4 report from earlier this year showed the global healthcare sector experienced 1,613 cyberattacks per week in the first three quarters of 2023, nearly four times the global average, and a significant increase from the same period the previous year.

This surge has contributed to a steep rise in cyberattack costs for healthcare organizations, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks.

Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.

The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C. Learn more and register.

Jeff Lagasse is editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.