Ascension has provided an update on the cyberattack it discovered on May 8, 2024. The attack involved ransomware that impacted operations at 142 hospitals. No timeline has been given for completing the recovery. However, Ascension stated it is making progress on restoring systems, which will be brought back online as soon as it is safe. Several Ascension hospitals are diverting patients for immediate triage. Electronic health records are not accessible, the telephone system is not online, systems used for lab tests, procedures, and prescription drugs, and elective were delayed.
Ascension is working closely with the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Health Information Sharing and Analysis Center (Health-ISAC), and is sharing details about the cyberattack so that they can be passed on to other healthcare companies to help them prevent similar attacks. Ascension is posting updates about the restoration on its website and has published a Q&A for patients.
Ascension has not publicly named the ransomware group responsible for the attack; however, CNN has spoken with four sources who stated that the Black Basta ransomware group was behind it. Black Basta has increased attacks on the healthcare industry. Two days after the attack, the FBI, the Department of Health and Human Services (HHS), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a joint cybersecurity advisory warning the healthcare and public health sector about the group. The advisory includes the most recent indicators of compromise and current information on the group’s tactics, techniques, and procedures (TTPs).
There is no information yet about how much patient PHI is involved; however, given the Black Basta group’s TTPs, data theft is very likely. Ascension stated that if data theft is confirmed, it will “alert and help those people according to all appropriate regulatory and legal tips.”
Ascension Cyberattack is Disrupting Clinical Operations
Ascension, the largest nonprofit and Catholic health system in the United States, has announced it is investigating a suspected cyberattack that has disrupted clinical operations. As a safety precaution, business associates were told not to use its systems. The cybersecurity firm Mandiant, owned by Google, has been engaged to assist with the investigation and remediation efforts, and the appropriate authorities have been notified about the suspected cyberattack.
Ascension activated its incident response protocols after detecting unusual activity in parts of its systems and is currently assessing the impact and scope of the disruption. That process required the deactivation of certain systems. Policies and procedures were created and staff were trained to deliver patient care without access to IT systems. Steps have been taken to reduce the impact on patients and ensure that patient care can be safely delivered. As a precautionary measure, some Ascension hospitals have put their emergency rooms on divert and are sending ambulances to alternative facilities.
Ascension has 142 hospitals, 40 senior living facilities, and more than 2,600 care sites in 19 states and the District of Columbia. It is still unknown how many facilities the attack affected, though news reports indicate that hospitals in multiple states are experiencing disruption, with employees at those hospitals reporting that charting, scheduling, and prescription writing systems have been affected.
Ascension stated that the unusual activity was discovered inside its systems on May 8, 2024, and gave a summary of its actions in response to the suspected cyberattack. However, little information about the attack has been disclosed to date, for example, whether the cyberattack involved ransomware. At this point in the investigation, it is unknown to what extent, if any, patient information was breached. A representative for Ascension stated that patients will be informed in due course when it is confirmed that sensitive patient information was compromised, and that more details about the incident will be released as the investigation advances.