Eduardo Conrado, president of St. Louis-based Ascension, discussed the health system's May ransomware attack at a Nov. 8 United Nations Security Council meeting.
The council met to discuss strategies for countering cyberattacks in healthcare, according to a Nov. 8 news release from the U.N.
Ascension's response to the May 8 ransomware attack cost the health system approximately $130 million. The attack forced its hospitals and clinics off its EHR system and disrupted key diagnostic services, including MRIs and CT scans.
It took 37 days to fully restore Ascension's systems, Mr. Conrado wrote in a Nov. 10 LinkedIn post about his briefing at the meeting.
"Overnight, nurses were unable to quickly look up patient records from the computer stations and were forced to comb through paper back-ups for patient medical history and medications," Mr. Conrado said at the meeting. "Imaging teams were unable to quickly send the latest scans up to surgeons waiting in the operating rooms, and we actually had to rely on runners to deliver printed copies of the scans to the hands of our surgery teams."
A comprehensive approach is key, Tedros Adhanom Ghebreyesus, PhD, director-general of the World Health Organization, told the U.N. Countries should invest not only in technologies for detecting and mitigating cyberattacks but in training staff to respond to them, he added.
"Just as viruses don't respect borders, nor do cyberattacks," Dr. Tedros said in the release. "International cooperation is therefore essential."
The WHO plans to release new cybersecurity guidance in 2025.