While businesses get most cyber attacks, because of monetary gains for the culprit, other sectors should beware too. Ascension Health, a non-profit healthcare organization in the US, was hacked on May 8, 2024, and they are one of the largest Catholic healthcare systems globally. They offer compassionate, personalized care across various facilities, including hospitals and clinics. Their mission is to serve all, especially the poor and vulnerable, with values of reverence, integrity, compassion, and excellence. ?yes, big organizations get cyberattacked too. However, what happened at the Ascension Health cyber attack? What does it imply? The impact, And how is it being handled? Walk with me.
Related: 8 Key Cybersecurity Strategies for Businesses in 2024
Ascension Health cyber attack Incidence
On May 8, 2024, Ascension Health, one of the largest health systems in the United States, suffered a massive cyberattack that crippled its operations. The malware, characterized as a ransomware attack, targeted Ascension’s technology network systems. This resulted in the notice of odd behavior on a few servers.
Malicious actors often gain illegal network access and encrypt files or systems before demanding a ransom payment to decrypt them. Ascension’s cybersecurity team spotted the attack when they noticed unusual activity consistent with a ransomware intrusion. Further investigation revealed that the intruders had successfully breached the network, compromising critical systems and disrupting essential healthcare services.
Related: Common Password Pitfalls that Undermine Cybersecurity
Impact of the Ascension Health Cyber Attack
The cyberattack on Ascension Health affected many facets of its business and had rapid and significant effects. Important systems like MyChart, phone services, electronic ordering for tests and drugs, and electronic health records were rendered unavailable by the disruption.
On Friday, CNN reported that the cyberattack, which caused ambulance diversions at some Ascension hospitals, was the result of an attack using the Black Basta ransomware, according to four sources briefed on the investigation.
Medical professionals used manual workarounds and emergency crews sent patients to other healthcare facilities to uphold patient care standards. Delays in elective treatments and appointments, as a result, highlighted the gravity of the problem and the difficulties Ascension Health had in reducing the effects of the hack on its operations.
Aftermath of the Ascension Health cyber attack
Following the cyberattack, Ascension quickly responded by initiating an investigation to ascertain the scope of the breach. The health system, located in St. Louis, has not set a specific date for service restoration. However, it has informed stakeholders that they are working hard to remedy the issues. Nurses and staff encountered difficulties in accessing electronic health information and using electronic identification systems for devices such as glucometers.
Despite these obstacles, Ascension hospitals, doctor’s offices, and other locations remain open and operational. While patients may expect delays and disruptions in service. Access to health information, scheduling, and testing processes were disrupted. This necessitates the use of downtime policies and procedures to maintain patient safety and continuity of care.
Black Basta, the Russian-backed Ransomware Group
The cyberattack against Ascension Health, carried out by the Russia-backed ransomware group Black Basta, caused substantial delays to its operations.
The Health Information Sharing and Analysis Center issued a notice outlining the group’s increased targeting of the healthcare industry. This spurred the American Hospital Association to release cybersecurity guidelines to its members.
The attack disrupted vital clinical and IT services, such as imaging, posing operational issues for Ascension hospitals. Patients experienced delays and diversions, and staff had to rely on manual methods for health treatment. The event highlights the healthcare sector’s vulnerability to cyber threats and the critical need for stronger cybersecurity safeguards.
Ascension is actively working with law enforcement and government organizations to investigate and minimize the effects of the attack. Also, this program emphasizes the value of information sharing and proactive cybersecurity tactics in protecting healthcare institutions and patient data.
See Also: What is Cybersecurity Risk Management?
Patients Awareness Against Hospital Cybersecurity Breach
1. Patient Response to Data Breach: In the event of a data breach, be ready to comply with Ascension’s or the impacted medical providers’ instructions regarding credit monitoring or other preventive steps.
2. Keep Informed: To stay up to current on the state of systems and services impacted by hacks, make sure you frequently check for updates from reputable sources like Ascension. If cyberattacks cause disruptions to appointments or procedures, get in touch with your healthcare practitioner to confirm or reschedule.
3. Prepare for Emergencies: Create a thorough emergency medical plan that covers alternate healthcare providers and how to get in touch with them if a cyberattack targets your main hospital.
4. Maintain Personal Health Records: Keep detailed records of your medical history, including medications, allergies, and past surgeries, whether you print them out or store them on your devices. When electronic health records are unavailable during an emergency, these records can be extremely helpful.
5. Ensure Cybersecurity: Adhere to recommended cybersecurity standards, which include creating strong, one-of-a-kind passwords for all online accounts and, when feasible, turning on two-factor authentication. To create and safely save complicated passwords, think about utilizing a password manager.
6. Be Alert Against Phishing: Phishing attempts should be taken extremely seriously, as cyberattacks frequently cause a spike in phishing emails and phone calls. Set up antivirus software on every device you own to identify and stop the installation of malware from bad URLs.
See Also: 10 Ways to Improve Your Business Cybersecurity in 2024
Frequently Asked Questions
The cyberattack on Ascension Health was attributed to the Russia-backed ransomware group known as Black Basta.
Ascension Health experienced a ransomware cyberattack, specifically from the Black Basta ransomware group.