Ascension Cyber Attack: Unlocked Consumer Health Data and Impact on Healthcare Sector

The largest nonprofit and Catholic health system in the United States, Ascension, was recently hit by a major cyber attack on May 9th. This attack, which directly impacted clinical operations across multiple facilities, comes in the wake of the recent Change Healthcare cyber incident. The cyber attack on Ascension unlocked consumer health data and disrupted various systems, including the electronic health records system, MyChart, phone systems, and other testing, procedural, and medication systems.

The cyber gang Black Basta has been identified as being responsible for the ransomware attack on Ascension. This group is known for its double extortion style of attack, where they steal sensitive data from victims and then demand ransoms to prevent the stolen data from being leaked. Black Basta has targeted at least 20 victims in its first two weeks of operation, indicating a high level of sophistication.

The fallout from the Ascension cyber attack has been significant, with ambulances being diverted and care delays occurring as a result of the attack. Patient care has been negatively impacted, with potential gaps or delays in care being reported. The incident has raised concerns about patient wellbeing and the overall cybersecurity readiness of the healthcare sector.

As investigations into the cyber attack continue, regulatory bodies are closely monitoring the situation. Ascension has notified the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the American Hospital Association (AHA) about the incident. The healthcare provider is also sharing threat intelligence with industry partners to protect themselves from similar incidents.

The back-to-back cyber incidents involving Change Healthcare and Ascension have highlighted the vulnerabilities in the healthcare sector’s cybersecurity infrastructure. The importance of certifications like HITRUST and HIPAA in risk management strategies has been emphasized, with the healthcare industry likely to increase its reliance on these certifications in the future. As the fallout from the Ascension cyber attack continues to unfold, the impact on patient health and regulatory responses remains to be seen.