Ascension, a leading US healthcare giant, faced a significant ransomware attack in May 2024, impacting crucial systems including electronic health records, phones, and scheduling. While emergency services remained unaffected, non-emergent procedures experienced delays.
The incident stemmed from an employee unknowingly downloading a malicious file, initially believed to be legitimate. In response, Ascension swiftly isolated affected devices on May 8 and transitioned to manual recordkeeping for procedures and medications.
"We have identified how the attacker gained access to our systems—an employee unintentionally downloaded a malicious file, mistaking it for a legitimate one. We view this as an honest mistake," affirmed the company.
While some services have been reinstated, Ascension continues working to fully restore electronic health records and clinical systems. Crucially, they assured, "There is no evidence that data was extracted from our secure Electronic Health Records (EHR) and clinical systems containing comprehensive patient records.
" Investigations revealed unauthorized access to files on seven servers out of Ascension's vast network of 25,000. These files potentially contain sensitive patient Protected Health Information (PHI) and Personally Identifiable Information (PII). Although the specific ransomware group remains unnamed by Ascension, sources suggest the involvement of Black Basta, known for targeting prominent entities since April 2022.
"We have made substantial progress in our investigation and recovery efforts with the support of cybersecurity experts. Evidence indicates that the attackers accessed files from a subset of servers primarily used for routine tasks by our staff," noted the company.
Ascension remains dedicated to restoring full functionality to patient portals, phone systems, and scheduling, reaffirming their commitment to protecting patient data and ensuring operational continuity in the face of cyber threats.
No comments:
Post a Comment