Ascension Ransomware Attack Affects all 140 Hospitals

An Ascension ransomware attack has disrupted clinical operations at all of its 140 hospitals. Phone systems, electronic medical records, patient portals, and systems used to order tests, procedures, and medications are offline. The lack of access to electronic medical records has resulted in elective procedures being postponed to ensure patient safety, and several hospitals are on diversion for emergency services to ensure emergency cases can be triaged immediately. Patients have been advised to bring appointment notes on their symptoms and a list of current medications and prescription numbers or prescription bottles to their appointments.

Ascension, the largest Catholic health system in the United States, identified suspicious activity within its IT systems on May 8, 2023, and took immediate action to contain the incident, which involved taking many of its systems offline and bringing in Mandiant to assist with the response and investigation.

Ascension has confirmed that this was a ransomware attack, as was the case with the hugely disruptive attack on Change Healthcare in February. Ascension has not publicly announced which ransomware group is responsible for the attack; however, CNN spoke with four sources who said the attack was conducted by the Black Basta ransomware group. At this stage, Ascension is unable to provide a timeline on when the restoration work will be completed but said progress is being made and systems will be brought back online when it is determined to be safe to do so.

Ascension is maintaining close contact with the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Health Information Sharing and Analysis Center (H-ISAC) and is sharing data to help other healthcare organizations take the necessary steps to protect themselves against similar attacks. H-ISAC issued an alert on May 10 confirming Black Basta was a major threat to the healthcare industry, and the FBI, CISA, and their security partners have recently issued a sector-wide alert about the Black Basta ransomware group.

The Black Basta ransomware group is known to exfiltrate data, but Ascension is unable to confirm at this stage of the investigation whether patient data was stolen in the attack. If the investigation confirms there has been data theft, the affected patients will be notified in accordance with all relevant regulatory and legal guidelines.

At the Bloomberg Tech Summit in San Francisco last week, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said the Biden administration will be issuing a proposed rule that will require hospitals and other healthcare organizations that receive Medicare and Medicaid payments to ensure that they meet certain minimum standards for cybersecurity, which are likely to be the essential HPH Sector Cybersecurity Performance Goals announced by the HHS earlier this year.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/