Healthcare provider Ascension, known for its expansive network of 140 hospitals, recently fell prey to a cyberattack, sending shockwaves through the medical community. The attack, which struck at the core of Ascension’s operations, disabled vital systems including electronic health records (EHRs), the MyChart patient communication platform, and crucial medication and test-ordering systems.

What happened?

In a disclosure on May 8, Ascension revealed the extent of the attack and assured the public of its commitment to investigating the incident alongside internal and external experts, with a steadfast focus on maintaining patient safety throughout the disruption.

On May 7 employees during their workday began to notice anomalies in the computer networks which prompted an immediate shutdown of all systems. The dangers of a cyber attack hold a paramount weight to the integrity of Ascension. Because of this attack, the health care provider had to temporarily suspend non-emergency medical procedures and appointments, and even more extreme, suspending or diverting emergency medical services. 

When did the attack take place?

Healthcare and insurance companies are constantly targeted by cyber criminals to either attack or successfully extract vital information which they can then turn around and sell on the dark web. From what we know of this attack on Ascension, it was specifically made to shut down the system in order to potentially compromise data or ask for a ransom to be paid in order for the system to be freed.

We say this happened in September 2023 with the MGM Resort and Casino being a part of a data breach in which the entire system was hijacked and shut down for weeks, including casino slot machines and computers, until they paid the millions in ransom in order to be given back their system. 

The effect of healthcare related cyber-attacks

This can take a major toll on the business or in this case hospitals and cause a great deal of damage to those in need of care and to the providers financially as well. When companies are attacked and vulnerabilities exposed, it can devastate the companies and even force them to shut down. Likewise, if it was a vulnerability created by the company’s failure to maintain a high security level, then fines can bombard them as well.

This attack has effectively shut down multiple hospitals while they work to troubleshoot the ransomware attack and gain control of their systems. Ascension responded by stating,

“We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures,” stated Ascension in a company release. “It is expected that we will be utilizing downtime procedures for some time.” They continued, “We are working to fully investigate what information, if any, may have been affected by the situation,” Ascension assured. “Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.”

Kurt Osburn, director of risk management and governance at NCC Group, urged healthcare entities to adopt a proactive stance in fortifying their cybersecurity posture and implementing robust measures to safeguard patient data integrity and privacy. 

How to protect yourself

This unfortunate incident underscores the vulnerability of the healthcare sector to cyber threats. Just months prior, United Healthcare’s Change Healthcare subsidiary faced a similar ransomware attack, underscoring the persistent challenges confronting healthcare organizations in safeguarding their digital infrastructure.

In the wake of Ascension’s cyber crisis, the imperative for heightened cybersecurity measures within the healthcare landscape has never been more pressing. As the industry grapples with evolving threats, a concerted effort to fortify defenses and prioritize patient safety cannot be stressed enough.

Ensure you have dark web monitoring

Extremely private information is stored in businesses and hospitals especially carrying extremely important data on their customers including social security information, insurances, addresses, medical information, and much more. This is why having proper and constantly evolving defenses in place is crucial, because it is our personal information that then gets in the hands of cyber criminals for them to do with what they wish. 

This is why constantly monitoring your private information for identity theft is not only recommended but needed. Data breaches and cyber attacks are becoming far too common, and steps need to be taken so that you can quickly respond to the threats the moment they arise. To not do so, can have devastating and long lasting effects for years to come.