Hard Reboot

Submitted by ADonahue on
Group of nurses inside hospital smiling

When a cyberattack took down their computer systems, Ascension nurses relied on their most valuable infrastructure: themselves.

By Lucy Diavolo

National Nurse magazine - Oct | Nov | Dec 2024 Issue

It all started with the breakfast orders. That’s what Lisa Watson, RN, remembers as the first sign something was wrong at Ascension via Christi St. Francis Hospital in Wichita, Kan., in May 2024. Nurses at St. Francis weren’t unaccustomed to downtime for their computer systems, as updates are a fact of life in any computerized workplace. But, in the coming hours, Watson says things went “downhill” as more and more of the technology around them crashed. 

Across town at Ascension Via Christi St. Joseph Hospital, Carol Samsel, RN, was at work on the critical care unit as systems started to go down. 

“Probably by midafternoon, nothing was able to be done on the computer anymore,” remembers Samsel, who’s been a nurse for nearly 40 years. “We didn’t have an answer from the hospital, but, by the end of the day, we were doing everything on paper.”

Eventually, nurses discovered that Ascension was dealing with a cyberattack that was shutting down the computer systems at hospitals nationwide, including four recently unionized Ascension facilities represented by National Nurses Organizing Committee: St. Francis and St. Joseph hospitals in Wichita, Ascension Seton Medical Center Austin (ASMCA) in Texas, and Ascension Saint Agnes Hospital in Baltimore, Md. Other National Nurses United affiliates also represent nurses at Ascension facilities, such as Michigan Nurses Association’s unit at Ascension Borgess Hospital in Kalamazoo, Mich. 

The hack took down computers nurses relied on for patient-care basics like ordering food, getting test results, fulfilling and administering prescriptions, paging staff for codes, and charting in electronic health records. All told, key systems were out for roughly a month as the cyberattack dragged on. That left just one key system left to do the work: The nurses.

Nurses hack back

By the end of her shift the first day of the hack, Samsel says nurses had coordinated a rapid-response crash course on paper charting. While some of the veteran nurses remembered hospital life before the move to computerized electronic health records, many newer nurses had never charted on paper before.

“‘Chart your assessment here. Here’s your vitals. Write out all your orders. Cross out the rest of the page so nobody else goes back and writes anything,’” Samsel remembers telling the newer nurses. “The first few days, we had somebody there who had done paper charting. We had an experienced person there to tell people how to do it.” These kinds of human double-checks were essential as computerized checks were offline.

In Baltimore, nurses reported that disruptions started as they tried to clock-in, with timeclocks down. Internal communications being down meant slowed things down, too. For example, rather than getting orders for things like vascular access through their computers or hospital-provided computerized pagers, nurses had to rely on their office phone’s voicemail, rushing back from setting up IVs in one unit to find out if their next patient was waiting already for them. 

Unionized nurses in Austin were also trying to adapt. Basic patient care tasks were hugely impacted, remembers Kristine Kittelson, RN in the postpartum unit there. Everything from lab results to pharmacy orders to patient discharges were delayed as nurses picked up the slack created by the down systems, and patients noticed.

“All of our patients were well aware of the chaos occurring outside of their doors,” Kittelson remembers. “It was really a hospital-wide learning experience. Everyone had something new in their unit they had to figure out.”

Despite this, nurses across Ascension described a sense of togetherness forged in the crisis.

“The nurses in my unit definitely helped each other out. It reminded me a little bit of the Covid days. We were a huge team, but my unit has always been a team,” says Watson, emphasizing the word team. A mainstay of the St. Francis intensive care unit for 19 years, Watson saw firsthand how nurses picked up the slack for each other as information was being dished out in a hospital without computers. Test results that would normally come in by computer were instead all printed on one printer that nurses had to make time for between patients. Meanwhile, doctors who could normally be paged about results had to be chased down through phone calls.

“We definitely are a team, but it definitely brought us even closer together,” said Watson. “The only thing we could do is hang on to our coworkers.”

Download issues

Several Ascension nurses said that information from management was sparse, both in the early days of the attack and as its impacts continued. While information was circulating in group chats, management was sparse with details on the hack, but kept rolling out new protocols. In some cases, nurses said they felt like they had just learned a new system for basic work tasks when, the next day, they’d find it had been completely overhauled again. For many nurses, Ascension’s lack of planning for this kind of scenario was the biggest frustration of the entire experience. 

“I think we need to be better prepared for something like this,” said Samsel. 

“Ascension needs to be more prepared,” agreed Watson. “They’re a reactive organization, not a proactive organization.” 

Nurses during and after the worst of the attack have taken action themselves, including updates to the paper materials in every unit that are to be used during downtime. At St. Joseph, Samsel says what was a simple cardboard file box has expanded into a larger plastic tub with the new changes they’ve made for downtime preparation. At St. Francis, Watson says a downtime workgroup has worked to update the materials in downtime binders and nurses have carts with all these materials in their units. In Austin, nurses also took action through their professional practice committee (PPC).

“We actually met with our CNO at the time. We called an emergency PPC meeting with her and had a table of downtime information on what is not working and what we would suggest and a lot of movement came from that,” Kittelson remembers. As a result of that emergency meeting with their professional practice committee, a new committee was established at their Austin hospital, which is working to update and standardize downtime binders across units, so that, in the event of another cyberattack, the paper charting can operate more seamlessly. 

Reminders of the outage linger in patients’ charts and in nurses’ concerns about their own personal data as employees. But so, too, do the lessons learned.

“I can’t imagine what it would’ve looked like if we wouldn’t have been able to call that meeting with our CNO and make these changes or be able to speak up,” Kittelson from Austin says, reflecting on how the hack came just months after nurses ratified their first union contract at their hospital, giving nurses options like their PPC to hold management accountable. “I can’t imagine what the experience would’ve been without that being possible.”

Lucy Diavolo is a communications specialist for National Nurses United.