June 13, 2024 at 05:57PM
Ascension, a large U.S. healthcare system, disclosed that a ransomware attack in May 2024 was caused by an employee’s unintentional download of a malicious file. The attack affected patient records and led to offline devices. While investigation is ongoing, evidence shows stolen data may include Protected Health Information. The attack is linked to the Black Basta gang, notorious for accelerating attacks against the healthcare sector. The impact on Ascension’s services is still ongoing.
From the provided meeting notes, it’s evident that Ascension, one of the largest U.S. healthcare systems, experienced a ransomware attack in May 2024. The attack was caused by an employee who mistakenly downloaded a malicious file onto a company device, impacting several crucial systems including the MyChart electronic health records system, phones, and systems used for ordering tests, procedures, and medications. As a result, some devices were taken offline, forcing employees to resort to paper records and prompting the healthcare system to pause non-emergent elective procedures, tests, and appointments.
Despite the ongoing investigation, it has been identified that the attackers gained access to and stole files from a small number of servers, potentially containing Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. However, there is no evidence yet that the attackers accessed the Electronic Health Records (EHR) and other clinical systems, which store full patient records.
The attack has been linked to the Black Basta gang, which has a history of targeting high-profile victims and is known for accelerating attacks against the healthcare sector.
As a significant nonprofit health network with 140 hospitals and 40 senior care facilities, Ascension employs a large number of providers and associates and reported a total revenue of $28.3 billion in 2023. However, the impact of the ransomware attack has caused ongoing service disruptions, and the healthcare system is still working to restore electronic health records systems, patient portals, and phone systems, as well as tests, procedures, and medication ordering systems.