SILVERDALE — For a third day, an outage of electronic health records spurred by an "IT security incident" has crippled the operations of St. Michael Medical Center and those of more than 140 medical facilities managed by CommonSpirit Health System, the second largest nonprofit hospital chain in the country.
Appointments have been canceled and even critical procedures delayed, according to patients and their families. One couple said they've been denied a planned CT scan to check on a life-threatening brain bleed because of the outage and have been unable to contact health care providers to reschedule.
"My husband is in limbo with a potentially very serious neurological condition," said the man's wife, who requested their names be withheld as they're dependent on the hospital for care . "... If the brain bleed continues, there can be dire consequences to brain function and to life itself."
The massive outage of the electronic health records systems affects Virginia Mason Franciscan Health providers, including St. Michael Medical Center in Silverdale, Kitsap County's main hospital, and St. Anthony Hospital in Gig Harbor. Across CommonSpirit Health System, it is impacting many — if not all — of its 140 hospitals in 21 states.
CommonSpirit has not disclosed whether the incident is a ransomware attack, where hackers use malicious software to hold hostage a computer system, usually until demands are met — such as a cash payout. It's also unclear if patient data has been compromised.
Though the cause is not publicly known, statistically, it's the most likely cause, according to Brett Callow, an analyst with New Zealand-based Emsisoft, a cybersecurity firm.
"The big question is how much the attack progressed," Callow said. "Whether they stopped it early or if a whole bunch of systems have been compromised that could affect them for months."
At least 61 hospitals have been impacted by ransomware so far in 2022, according to Emsisoft.
Callow recommends those with accounts at the hospitals within CommonSpirit begin to check them for signs of fraudulent activity, as a way of erring on the side of caution if it is ransomware.
As required by law, CommonSpirit has 60 days to notify the federal Department of Health and Human Services for breaches affecting 500 or more people if information was indeed compromised in an attack.
Already, the outage is leading to big headaches for patients, families and health care providers. When Melinda Krieger took her sister to the doctor for a worrisome mass in her stomach Tuesday morning, staff there weren't even aware she had an appointment.
Her sister was still able to see the doctor at a clinic on Cherry Avenue in East Bremerton. But he couldn't put in a referral for a CT scan or authorize the procedure through insurance.
"They can't put anything in the computer," said Krieger, a Seabeck resident.
Medical providers have shifted to a makeshift paper system of record-keeping and using phones to connect with other providers and insurance companies. Kreiger and her sister were advised by the doctor to head to the emergency room at St. Michael Medical Center, which has been plagued by chronic understaffing.
"It was packed," said Krieger, who took her sister to St. Anthony Hospital in Gig Harbor, also a VMFH facility, after witnessing the crowding.
Inside, Krieger was able to get her sister in for the scan, but noticed growing stacks of paper behind the front desk counter, including on the floor, where staff appeared to be keeping ever-growing amounts of patient information that couldn't be logged online.
"And once we get the results, we'll carry them by hand to the doctor in Bremerton," Krieger said.
This article originally appeared on Kitsap Sun: St. Michael Medical Center in Washington experiencing outage