A ransomware attack on US private healthcare giant Ascension has caused major disruptions, with ambulances being diverted and patient appointments being postponed. The attack was confirmed by Ascension on May 9, after unusual activity was detected on select technology network systems the day before.
Ascension, which operates 140 hospitals across the US, stated that several hospitals are currently on diversion for emergency medical services to ensure immediate triage of emergency cases. In addition, electronic health records systems are unavailable, along with various systems used to book tests, procedures, and medications.
Despite the challenges, all hospitals and facilities remain open and are providing care. However, some non-emergent elective procedures, tests, and appointments have been temporarily paused while Ascension works to restore its systems. The company has not yet determined whether any sensitive information was accessed by the attackers, but stated that it will notify potentially affected individuals as the investigation progresses.
An Ascension spokesperson mentioned that the company is collaborating with cybersecurity experts to assist in restoration and recovery efforts. Law enforcement and relevant federal agencies, including the Department of Health and Human Services (HHS), have also been notified of the incident.
The primary focus for Ascension at the moment is on restoring systems safely and efficiently. The restoration process is expected to take time to complete, as the company works to bring its systems back online.
In a troubling trend, healthcare organizations have increasingly become targets for ransomware attacks. The incident at Ascension has been referred to as a ransomware event, with reports indicating that it was carried out by the Black Basta gang, a Russian-based Ransomware-as-a-Service (RaaS) operator. The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on Black Basta, revealing that the group’s affiliates have impacted over 500 organizations globally, including the Healthcare and Public Health (HPH) Sector.
Steve Hahn, Executive VP at cybersecurity firm BullWall, highlighted the concerning escalation of sophisticated RaaS groups targeting US healthcare. This incident comes on the heels of the Change Healthcare hack in February 2024, which disrupted patient care and prescriptions across the US. Change Healthcare’s owner, UnitedHealth, confirmed that it paid a ransom to the BlackCat ransomware group to restore its systems.
As investigations continue into the Ascension attack and other healthcare-related cyber incidents, the focus remains on safeguarding patient data and ensuring the security and resilience of healthcare systems. The increasing frequency and severity of these attacks highlight the need for robust cybersecurity measures and proactive response strategies within the healthcare industry.