Ascension health system hit by cyberattack, clinical operations disrupted
Learn More
Ascension, a major healthcare nonprofit with operations across 19 states and Washington, D.C., is reporting a cyberattack that significantly disrupted its clinical operations. The health system includes 140 hospitals and 40 senior living facilities.
The incident, detected on May 8, 2024, is described as "unusual activity" on select technology network systems, leading to immediate investigation and remediation efforts. So far, Ascension has not confirmed whether ransomware is involved.
Multiple clinical operations have been impacted, with charting, scheduling, and prescription writing systems disrupted. Ambulances have been diverting new patients to other hospitals due to the disruption, and manual procedures have been activated to ensure continuity of patient care.
Disruptions have been confirmed in Ascension facilities in Wisconsin, Texas, Oklahoma, Indiana, and Michigan.
Business partners are advised to cut off network connections to Ascension. Third-party cybersecurity firm Mandiant is assisting with the investigation and authorities have been notified. The entire process indicates a major ransomware attack, although it's not confirmed.
Ascension is investigating whether any sensitive patient data was compromised. No details about number of affected individuals or data breached are disclosed. Ascension has committed to notifying and supporting affected individuals if a breach is confirmed.
Update - On 12th of June 2024, Ascension posted an update saying an “individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake.”
The attackers were able to take files from seven servers in the Ascension network - some of those files may "contain Protected Health Information and Personally Identifiable Information,".
Ascension still doesn't say how many people may have been affected.
The hospital system said it will notify individuals and regulators as required once the investigation is finished. Patients can request free credit monitoring even if their data was not affected.
Update - as of 19th of December 2024, Acension reports that the attack is affecting 5,599,699 individuals (patients, senior living residents, and employees) and has caused operating margin loss of 1.8 billion.
Compromised Data includes
- Medical record numbers
- Procedure codes
- Lab test results
- Dates of service
- Credit card numbers
- Bank account details
- Insurance information
- Social Security numbers
- Driver's license numbers
- Passport information
- Addresses
- Dates of birth
The attack has been attributed to the Black Basta ransomware group. Ascension claims that their Electronic Health Record (EHR) and clinical systems were not compromised, though the breach's overall impact remains severe. The organization is offering credit monitoring and identity protection services to affected individuals.
This attack follows the major attack on UnitedHealth Group's subsidiary Optum, which led to a $22 million ransom payment.
