Photo: Andrew Brookes/Getty Images

照片：安德鲁·布鲁克斯/盖蒂图片社

University Medical Center (UMC) Health System in Lubbock, Texas, is facing a significant disruption following a large IT outage, part of a ransomware attack that has impacted its ability to deliver care and conduct routine operations.

德克萨斯州卢伯克的大学医学中心（UMC）卫生系统在发生大规模IT中断后面临严重中断，这是勒索软件攻击的一部分，影响了其提供护理和进行日常操作的能力。

The ransomware incident, which UMN confirmed began on September 20, has affected various aspects of the system's day-to-day operations, including electronic health records, billing and other health data management tools.

UMN确认9月20日开始的勒索事件影响了该系统日常运营的各个方面，包括电子健康记录、账单和其他健康数据管理工具。

As of now, UMC has been able to keep its emergency department open, but other services have been disrupted as the IT team works to restore functionality. An investigation into the incident is still ongoing.

到目前为止，UMC已经能够保持其急诊室的开放，但随着IT团队努力恢复功能，其他服务也被中断。对该事件的调查仍在进行中。

UMC has assured the public that no surgeries or urgent medical procedures have been canceled. However, many nonemergency services, including outpatient appointments, have been either postponed or rerouted to nearby facilities.

UMC向公众保证，没有取消任何手术或紧急医疗程序。然而，许多非紧急服务，包括门诊预约，要么被推迟，要么被转移到附近的设施。

Patients have been informed that the health system is relying on paper charting to continue providing care in the interim.

患者已被告知，卫生系统正在依靠纸质图表继续在此期间提供护理。

WHAT'S THE IMPACT?

影响是什么？

From a financial perspective, UMC's billing systems are also down, which will likely cause delays in insurance claims processing and patient billing, the system said, though it stopped short of providing specific details on the financial implications of the outage.

该系统表示，从财务角度来看，UMC的计费系统也出现了故障，这可能会导致保险索赔处理和患者计费的延迟，尽管该系统没有提供有关停电财务影响的具体细节。

'When healthcare institutions – especially those providing essential services to large regions – are targeted, the consequences go beyond financial loss,' said Emily Phelps, vice president of cybersecurity automation firm Cyware. 'Ransomware not only cripples operations but endangers lives, as seen when vital emergency services are forced to divert patients.

网络安全自动化公司Cyware副总裁艾米丽·菲尔普斯（EmilyPhelps）说，当医疗机构——尤其是那些为大地区提供基本服务的机构——成为目标时，后果不仅仅是经济损失勒索软件不仅削弱了行动，而且危及生命，正如重要的紧急服务被迫转移病人时所见。

We must move beyond reactive strategies.'.

我们必须超越被动策略。”。

UMC emphasized that IT staff are working 'around the clock' to investigate the cause and restore affected systems. It added that while EHR access is currently unavailable patient data remains intact, and there is no indication that data has been compromised.

UMC强调，IT人员正在“24小时”工作，以调查原因并恢复受影响的系统。它补充说，虽然EHR访问目前不可用，但患者数据保持完整，没有迹象表明数据已被泄露。

Nevertheless, the prolonged downtime is expected to affect workflows, making it difficult for providers to access patient histories, drug interaction records and other information.

。

'Unfortunately, down time is just as damaging to data disclosure, putting the victim here in a very tough spot,' said former National Security Agency cybersecurity expert Evan Dornbush. 'The economics of ransomware currently favor the attacker. As long as it is more expensive to be a defender, stories like this will continue to line our newsfeeds.'.

前国家安全局网络安全专家埃文·多恩布什（EvanDornbush）说，不幸的是，停机时间同样会破坏数据披露，使受害者陷入非常艰难的境地勒索软件的经济学目前有利于攻击者。只要成为一名后卫的成本更高，这样的故事将继续出现在我们的新闻提要中。”。

The hospital has urged patients with immediate medical needs to proceed to the emergency department, which remains operational. However, UMC has acknowledged the limitations imposed by the lack of access to real-time patient data, saying the return to normalcy could take some time.

医院已敦促有紧急医疗需求的患者前往急诊室，该部门仍在运作。然而，UMC承认缺乏实时患者数据带来的限制，称恢复正常可能需要一些时间。

THE LARGER TREND

更大的趋势

Among the biggest breaches this year was the Change Healthcare cyberattack, which is expected to cost UnitedHealth Group $1 billion to $1.5 billion this year, according to CFO John Rex. UHG paid $22 million to recover access to data and systems encrypted by the Blackcat ransomware gang.

据首席财务官约翰·雷克斯（JohnRex）称，今年最大的违规事件之一是ChangeHealthcare网络攻击，预计联合健康集团（UnitedHealth Group）今年将因此损失10亿至15亿美元。。

The February 21 cyberattack disconnected Change from claims payments for hospitals and physician practices, disrupting provider revenue and financial stability to the point of potential bankruptcy for some practices, according to an American Medical Association survey.

根据美国医学协会的一项调查，2月21日的网络攻击中断了医院和医生执业索赔付款的变化，扰乱了提供者的收入和财务稳定，某些执业可能破产。

And Ascension confirmed in May that it experienced an attack that disrupted patient care in its network. Ascension gave no further information on the ransomware amount or whether personal health information was compromised in the cyberattack. A similar attack hit Ardent Health Services in 2023.

阿森松岛在5月份证实，它遭遇了一次袭击，破坏了其网络中的病人护理。阿森松岛没有提供有关勒索软件数量或个人健康信息是否在网络袭击中受损的进一步信息。2023年，一场类似的袭击袭击了热心的卫生服务机构。

A KnowBe4 report from earlier this year showed the global healthcare sector experienced 1,613 cyberattacks per week in the first three quarters of 2023, nearly four times the global average, and a significant increase from the same period the previous year.

KnowBe4今年早些时候的一份报告显示，2023年前三个季度，全球医疗保健行业每周遭受1613次网络攻击，几乎是全球平均水平的四倍，与去年同期相比大幅增加。

This surge has contributed to a steep rise in cyberattack costs for healthcare organizations, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks.

这一激增导致医疗保健组织的网络攻击成本急剧上升，平均违约成本接近1100万美元，是全球平均成本的三倍多，使医疗保健成为网络攻击成本最高的部门。

Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.

勒索软件攻击占主导地位，在过去两年中，占医疗保健组织成功网络攻击的70%以上。

The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C. Learn more and register.

HIMSS医疗保健网络安全论坛定于10月31日至11月1日在华盛顿特区举行。了解更多信息并注册。

Jeff Lagasse is editor of Healthcare Finance News.Email: jlagasse@himss.orgHealthcare Finance News is a HIMSS Media publication.

杰夫·拉加西是《医疗保健金融新闻》的编辑。电子邮件：jlagasse@himss.orgHealthcare《财经新闻》是HIMSS的媒体出版物。