Ascension, one of the largest health systems in the country, recently revealed that a ransomware attack on its systems was due to a worker accidentally downloading a malicious file. The health system emphasized that this was likely an honest mistake. Importantly, Ascension noted there is no evidence that data was taken from their Electronic Health Records (EHR) or other clinical systems, where full patient records are securely stored.
However, the attackers managed to access files containing Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. With the help of third-party cybersecurity experts, Ascension has gathered evidence indicating that the attackers extracted files from a small number of file servers used primarily for daily tasks by its associates. These servers represent seven out of approximately 25,000 servers across Ascension’s network.
Currently, Ascension is uncertain about the specific data affected and the identities of the impacted patients. To determine this, a comprehensive review and analysis of the compromised files is underway. Ascension has started this process, but it is a substantial task that will require significant time to complete.
As a precaution, Ascension is offering complimentary credit monitoring and identity theft protection services to any patient or associate who requests it. Those interested can call the dedicated call center at 1-888-498-8066.
The cyberattack, reported on May 8, caused significant disruptions, including shutting down access to electronic health records across Ascension’s 140 hospitals and leading to delays in patient care. On a positive note, Ascension announced on Friday that EHR access has been restored across its hospitals. This restoration means that clinical workflows in their hospitals and clinics are functioning similarly to pre-attack conditions, improving efficiencies in appointment scheduling, wait times, and prescription fulfillment.
However, medical records and other information collected between May 8 and the date of local EHR restoration may be temporarily inaccessible.
Despite this progress, the investigation into the incident is ongoing, along with efforts to remediate additional systems.
The cyberattack on Ascension is part of a larger trend of ransomware attacks targeting healthcare systems. In a related incident, Change Healthcare, affiliated with UnitedHealthcare, faced a ransomware attack on February 21. UnitedHealth Group CEO Andrew Witty disclosed to a House subcommittee that he paid $22 million in bitcoin to protect patient information during this attack.
Ascension has not made any statements about ransom payments but confirmed last month that the attack was ransomware-related, with class action lawsuits citing a Black Basta ransomware attack.
As Ascension continues its recovery and investigation, it underscores the need for heightened cybersecurity measures and vigilance to protect sensitive health information from cyber threats.