
Ascension Health System Hit by Cyberattack, Personal Data Likely Compromised

 



In a recent cybersecurity incident, Ascension, a major health system, has disclosed that cybercriminals stole files potentially containing personal information. This comes about a month after Ascension initially reported falling victim to a ransomware attack.

Ascension revealed that the attackers managed to extract files from seven of its 25,000 file servers. While the investigation is ongoing, preliminary findings suggest that these files may include protected health information and personally identifiable information. However, Ascension has yet to determine the exact data compromised or the specific patients affected.

Despite the breach, Ascension reported no evidence indicating that data from its electronic health records were stolen. The attack was traced back to an employee inadvertently downloading a malicious file, mistaking it for a legitimate document.

In response to the attack, Ascension is offering free credit monitoring and identity theft protection services to patients and employees. Those interested in these services can call 1-888-498-8066 to enrol. 

The attack, discovered on May 8, caused major disruptions across Ascension’s network. Some elective surgeries and appointments were postponed, and one hospital in Illinois temporarily redirected ambulances to other facilities. Nurses at several hospitals faced challenges, such as difficulties in accessing doctors’ orders for medications and tests, and issues with their standard procedures for medication administration.

Ascension Illinois has recently restored its primary technology for electronic patient documentation, allowing hospitals and doctors' offices to resume electronic documentation, charting, and order sending. This restoration marks a crucial step in returning to normal operations.

This incident at Ascension is part of a troubling trend of cyberattacks targeting healthcare institutions. Earlier this year, Lurie Children’s Hospital in Chicago and the University of Chicago Medical Center also faced cyber incidents. Healthcare systems are prime targets for cybercriminals due to their size, reliance on technology, and the vast amounts of sensitive data they handle, according to the U.S. Department of Health and Human Services.

As cyber threats expand their territory, healthcare systems must remain vigilant and enhance their cybersecurity measures to protect sensitive patient information. The Ascension attack underscores the critical need for robust security protocols and employee awareness to prevent future breaches.


Cyberattacks Threaten US Hospitals: Patient Care at Risk


 

A severe cyberattack on Ascension, one of the largest healthcare systems in the United States, has disrupted patient care significantly. The ransomware attack, which began on May 8, has locked medical providers out of critical systems that coordinate patient care, including electronic health records and medication ordering systems. This disruption has led to alarming lapses in patient safety, as reported by health care professionals across the nation.

Marvin Ruckle, a nurse at Ascension Via Christi St. Joseph in Wichita, Kansas, highlighted the chaos, recounting an incident where he almost administered the wrong dose of a narcotic to a baby due to confusing paperwork. Such errors were unheard of when the hospital’s computer systems were operational. Similarly, Lisa Watson, an ICU nurse at Ascension Via Christi St. Francis, narrowly avoided giving a critically ill patient the wrong medication, emphasising the risks posed by the shift from digital to manual systems.

The attack has forced hospitals to revert to outdated paper methods, creating inefficiencies and increasing the potential for dangerous mistakes. Watson explained that, unlike in the past, current systems for timely communication and order processing have disappeared, exacerbating the risk of errors. Melissa LaRue, another ICU nurse, echoed these concerns, citing a close call with a blood pressure medication dosage error that was fortunately caught in time.

Health care workers at Ascension hospitals in Michigan reported similar issues. A Detroit ER doctor shared a case where a patient received the wrong medication due to paperwork confusion, necessitating emergency intervention. Another nurse recounted a fatal delay in receiving lab results for a patient with low blood sugar. These incidents highlight the dire consequences of prolonged system outages.

Justin Neisser, a travel nurse at an Indiana Ascension hospital, chose to quit, warning of potential delays and errors in patient care. Many nurses and doctors fear that these systemic failures could jeopardise their professional licences, drawing parallels to the high-profile case of RaDonda Vaught, a nurse convicted of criminally negligent homicide for a fatal drug error.

The health sector has become a prime target for ransomware attacks. According to the FBI, health care experienced the highest share of ransomware incidents among 16 critical infrastructure sectors in 2023. Despite this, many hospitals are ill-prepared for prolonged cyberattacks. John Clark, an associate chief pharmacy officer at the University of Michigan, noted that most emergency plans cover only short-term downtimes.

Ascension's response to the attack included restoring access to electronic health records by mid-June, but patient information from the outage period remains temporarily inaccessible. Ascension has asserted that its care teams are trained for such disruptions, though many staff members, like Ruckle, reported receiving no specific training for cyberattacks.

Federal efforts to enhance health care cybersecurity are ongoing. The Department of Health and Human Services (HHS) has encouraged improvements in email security, multifactor authentication, and cybersecurity training. However, these measures are currently voluntary. The Centers for Medicare & Medicaid Services (CMS) are expected to release new cybersecurity requirements, though details remain unclear.

The American Hospital Association (AHA) argues that cybersecurity mandates could divert resources needed to combat attacks. They contend that many data breaches originate from third-party associates rather than hospitals themselves. Nevertheless, experts like Jim Bagian believe that health systems should face consequences for failing to implement basic cybersecurity protections.

The cyberattack on Ascension calls for robust cybersecurity measures in health care. As hospitals consolidate into larger systems, they become more vulnerable to data breaches and ransomware attacks. Health care professionals and patients alike are calling for transparency and improvements to ensure safety and quality care. The situation at Ascension highlights the critical nature of cybersecurity preparedness in protecting patient lives.


Ascension Ransomware Attack: Worker Error Leads to Data Breach and Recovery Efforts

 

Ascension, one of the largest health systems in the country, recently revealed that a ransomware attack on its systems was due to a worker accidentally downloading a malicious file. The health system emphasized that this was likely an honest mistake. Importantly, Ascension noted there is no evidence that data was taken from their Electronic Health Records (EHR) or other clinical systems, where full patient records are securely stored. 

However, the attackers managed to access files containing Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. With the help of third-party cybersecurity experts, Ascension has gathered evidence indicating that the attackers extracted files from a small number of file servers used primarily for daily tasks by its associates. These servers represent seven out of approximately 25,000 servers across Ascension’s network. 

Currently, Ascension is uncertain about the specific data affected and the identities of the impacted patients. To determine this, a comprehensive review and analysis of the compromised files is underway. Ascension has started this process, but it is a substantial task that will require significant time to complete. As a precaution, Ascension is offering complimentary credit monitoring and identity theft protection services to any patient or associate who requests it. Those interested can call the dedicated call center at 1-888-498-8066. 

The cyberattack, reported on May 8, caused significant disruptions, including shutting down access to electronic health records across Ascension’s 140 hospitals and leading to delays in patient care. On a positive note, Ascension announced on Friday that EHR access has been restored across its hospitals. This restoration means that clinical workflows in their hospitals and clinics are functioning similarly to pre-attack conditions, improving efficiencies in appointment scheduling, wait times, and prescription fulfillment. However, medical records and other information collected between May 8 and the date of local EHR restoration may be temporarily inaccessible.  

Despite this progress, the investigation into the incident is ongoing, along with efforts to remediate additional systems. The cyberattack on Ascension is part of a larger trend of ransomware attacks targeting healthcare systems. In a related incident, Change Healthcare, affiliated with UnitedHealthcare, faced a ransomware attack on February 21. UnitedHealth Group CEO Andrew Witty disclosed to a House subcommittee that he paid $22 million in bitcoin to protect patient information during this attack. 

Ascension has not made any statements about ransom payments but confirmed last month that the attack was ransomware-related, with class action lawsuits citing a Black Basta ransomware attack. As Ascension continues its recovery and investigation, it underscores the need for heightened cybersecurity measures and vigilance to protect sensitive health information from cyber threats.

Health Care Network in Crisis: Cyberattack Shuts Down Operations Across US

 


After a cyberattack this week, the largest healthcare system in the United States is diverting ambulances from “several” of its hospitals, the company said Thursday. In a statement released Thursday evening, Ascension Hospital, a nonprofit network based in St. Louis with 140 hospitals across 19 states, also reported that electronic health records, some phone systems, and several systems used to order certain tests, procedures and medications have all been disrupted by the cyberattack.
In response to the cyberattack, the sprawling healthcare network, which also owns 40 senior living facilities, announced that it would be utilizing “downtime procedures for some time” in the coming days. When computers fail, healthcare providers usually resort to backup procedures to enable them to care for patients, such as paper records. Ascension Health System operates in 19 states across the U.S. and has been forced to divert ambulances from some of its 140 hospitals due to a cyberattack. 

As a result, patients' medical tests have been postponed, and the system has been blocked online. On Wednesday, Ascension's computer network systems showed “unusual activity,” according to a message sent to the Ascension team. There was no word from the Catholic health system in St. Louis regarding whether it had been hit by ransomware or if it had paid the ransom.

The health system did not immediately respond to an email seeking updates. Ascension says that it has called in Mandiant, the Google cybersecurity unit which has a reputation for responding quickly to ransomware attacks, and the attack had the hallmarks of ransomware.

In February of this year, Change Healthcare was the victim of a cyberattack that disrupted care networks across the country and the CEO of its parent company, UnitedHealth Group Inc., admitted in a congressional hearing that the company had paid a ransom of $22 million in bitcoin in return for the system continuing to operate. In an email to its patients and caregivers, Ascension said its electronic medical records system as well as MyChart, a web-based application that allows patients to access their medical records and communicate with their doctors, are offline. 

Four sources briefed on the investigation have reported that Ascension suffered a ransomware attack, a type of computer attack in which cybercriminals usually lock computers and steal data in order to extort payment. There have been reports that the type of ransomware used in the hack is called Black Basta, which has been used repeatedly in recent years by hackers to attack healthcare organizations due to its usefulness as a crypto locker.

As reported by the Department of Health and Human Services, a criminal group known as Black Basta has been accused of using ransomware to extort money from Russian speakers. As discussed in a previous post, the Health Information Sharing and Analysis Center, a group of healthcare providers globally that shares cyber threat information through advisory publications, issued an alert last Friday warning that hackers had recently accelerated attacks against the healthcare sector with Black Basta ransomware. 

According to the advisory, at least two US and European healthcare organizations have "suffered severe operational disruptions" due to the Black Basta ransomware in recent months. The advisory warned that the organizations had not been identified to prevent the spreading of the malware. There was news on Wednesday that Ascension Corporation was hacked. Ascension has often been a victim of cyberattacks, as many American organizations have followed a familiar playbook over the last 24 hours. There has been a successful response from Ascension to the incident.

The company notified federal authorities and hired a leading US cybersecurity firm, Mandiant, to recover from the incident and shut down all systems in an attempt to control the situation. There have been repeated contacts between senior US officials and Ascension CEO Joseph Impicciche in the period since the ransomware attack to figure out how the attack might impact the care of patients, according to CNN. A business partner in Ascension advised that while their connection to the Ascension system is temporarily suspended, their relationship will resume.

Ascension's spokesperson on Thursday confirmed that there had been no interruptions in patient care services in Illinois hospitals during Thursday's maintenance, but IT services experienced some interruptions during the day. Ascension is a leading nonprofit healthcare system offering a wide range of high-quality healthcare services.

In the wake of the ransomware attack that took place on Change Healthcare, a subsidiary of UnitedHealth Group, sensitive patient data has been compromised and billing problems have emerged across the country for pharmacies, hospitals, and practices, threatening the existence of some healthcare providers. A high-profile cyberattack was also reported in January at Lurie Children's Hospital in Chicago, causing a huge amount of damage. The hospital found itself compelled to disengage its telecommunication, email, and supplementary systems in response, thereby instigating weeks of disruption to customary operations. 

In recent years, healthcare providers throughout the United States have grappled with a notable surge in ransomware assaults. As per the findings of threat intelligence entity Cyble, a total of 105 ransomware attacks have targeted the healthcare sector globally since February 1, with 77 incidents occurring within the United States alone. In a recent interview with CBS News, Health and Human Services Secretary Xavier Becerra articulated concerns regarding the nationwide amalgamation of healthcare networks, emphasizing the potential repercussions of such consolidation on competitive dynamics. He underscored the risk posed by the over-concentration of healthcare resources, stating, "Consolidation occurs to such an extent that there are only a few players and when one or two of those big players go down, so goes the industry. We can't afford to have that." Ascension has refrained from disclosing whether the cyberattack it endured constituted a ransomware incident.