Following the recent Ascension ransomware attack, legal challenges are mounting for the healthcare giant. In the wake of the cyberattack that disrupted operations across its network of 140 hospitals, Ascension is now facing two proposed class-action lawsuits.
The lawsuits, which were filed in the District Courts of Illinois and Texas, allege negligence on the part of Ascension, specifically pointing to the failure to encrypt patient data as a critical oversight. According to the plaintiffs, this negligence has exposed them to the risk of identity theft for years to come following the cyberattack that led to the diversion of ambulances and the suspension of elective care services.
While Ascension has not confirmed any compromise of patient data, ongoing investigations are still underway. The plaintiffs argue that if proper encryption measures had been in place, data stolen by the cybercriminal group Black Basta would have been rendered useless, underscoring the alleged negligence displayed by Ascension.
An Ascension spokesperson stated, “We are conducting a thorough investigation of the incident with the support of leading cybersecurity experts and law enforcement. If we determine sensitive data was potentially exfiltrated or accessed, we will notify and support the affected individuals in accordance with all relevant regulatory and legal obligations.”
The lawsuits, filed shortly after the ransomware attack, focus on the healthcare provider’s alleged failure to implement adequate cybersecurity measures that could have potentially prevented the incident. Both cases, represented by the same legal counsel, emphasize the harm suffered by patients due to the exposure of their private information, which they claim was foreseeable and preventable.
Despite ongoing investigations and assurances of cooperation with authorities, Ascension has yet to disclose whether patients’ sensitive information was compromised during the cyber incident. The healthcare provider continues to work towards restoration and recovery following the attack, collaborating with industry-leading forensic experts to investigate the root cause of the incident.
Additionally, cybersecurity experts from Palo Alto Networks Unit 42 and CYPFER have been brought in to support the rebuilding and restoration efforts, focusing on bringing systems back online safely and swiftly. Ascension acknowledges that it may take some time to return to normal operations and is working on reconnecting with vendors with the help of recovery experts.
As a Catholic health system with a national presence, spanning 140 hospitals and 40 senior living facilities and employing approximately 132,000 individuals, Ascension faces financial strain due to the ransomware attack. However, industry analysts note that Ascension’s strong liquidity and leverage position provide a significant rating cushion against such one-off events.
In conclusion, the aftermath of the Ascension ransomware attack has led to legal challenges, ongoing investigations, and efforts towards recovery and restoration. The implications of this cyber incident extend beyond operational disruptions, highlighting the importance of robust cybersecurity measures in safeguarding sensitive patient data and preventing future breaches.