Ambulances are still being diverted as UMC faces an ongoing cybersecurity incident

University Medical Center (UMC) is still dealing with the fallout from a ransomware attack last Thursday. The attack caused a widespread IT outage and forced the diversion of emergency and non-emergency patients to nearby facilities.

Although some services have been restored, the full impact of the attack remains uncertain as the hospital works to recover.

The ransomware attack, first discovered on September 26, crippled UMC's systems and impacted critical operations, including the diversion of ambulances from the hospital's emergency room, although the emergency department remains open to the public.

“Out of an abundance of caution, we are temporarily redirecting a select number of patients until all UMC resources are fully operational,” the hospital confirmed in a statement Sunday. This precautionary diversion will continue despite some progress in restoring services over the weekend.

UMC, the only Level 1 trauma center in West Texas, is critical to regional healthcare, particularly in trauma cases where time is of the essence. This diversion has raised concerns about the impact on patient safety.

A threat to national security

John Riggi, the American Hospital Association's national cybersecurity and risk advisor, emphasized the gravity of the situation to KCBD: “If the only Level 1 trauma center in the region is shut down by foreign bad guys, you're putting people's lives at risk.”

Riggi believes that a ransomware attack on a hospital crosses the line as it is no longer an economic crime, but a crime that threatens lives and should be vigorously pursued and prosecuted. “I use the term “prosecuted” in the full sense of the definition with respect to the capabilities and powers of the government, which include and exceed the law enforcement authorities of the government under United States Code (USC) Title 18.”

Ransomware attacks on healthcare facilities have increased in recent years, an alarming trend that threatens patient safety and national security.

Riggi noted that no hospital, no matter how prepared, can fully defend itself against such sophisticated cyberattacks without external help. “We need the federal government to take action against these bad guys, just as we have done to combat terrorism,” he said, urging a coordinated national response to what he called a significant national security threat.

Working on restoring systems

UMC worked with third-party cybersecurity experts to restore systems and assess the full extent of the attack. In a statement released Sunday, the hospital assured the community that “progress has been made in restoring certain services,” adding that “patient care and safety remain our top priority.”

However, UMC has not provided a timeline for full recovery of all operations.

Despite the ongoing challenges, UMC remains committed to restoring operations as quickly as possible. In its most recent statement, the hospital thanked the community for their support and reiterated its focus on patient care and safety: “We are committed to continuing to provide the best possible care to our patients and resuming normal operations as quickly and safely as possible.” “

For further updates, UMC encourages patients and the community to visit the website for the latest developments in recovery efforts.