June 14, 2024 at 10:27AM
Ascension disclosed a ransomware attack compromising the personal and health information of unknown patients. The incident disrupted their electronic health record system, leading to patient diversions and an ongoing investigation. The attack exfiltrated files from seven servers, potentially containing PHI and PII. Ascension is offering free credit monitoring and identity theft protection services to all patients and associates.
The meeting notes indicate that a recent ransomware attack on US healthcare organization Ascension led to the theft of personally identifiable information (PII) and protected health information (PHI) of an unknown number of patients. The incident caused disruptions to Ascension’s electronic health record (EHR) system, phone systems, and systems used for medication, procedures, and tests. The company is conducting an investigation, notifying relevant authorities, and working on restoring and remediating the affected systems. By June 11, EHR access had been restored in 11 states, with efforts to restore it across the entire network by June 14. The investigation revealed that the attackers exfiltrated files from seven servers, potentially containing PHI and PII. Ascension is providing free credit monitoring and identity theft protection services to all patients and associates, regardless of whether they were impacted by the incident. The incident was caused by an individual at one of Ascension’s facilities downloading a malicious file. Additionally, the company’s extensive healthcare network includes hundreds of hospitals and senior living facilities.