Another Day, Another Cyberattack: Now Ascension Health System Reports Cybersecurity Breach Following ‘Unusual Activity’

Ascension health said that they immediately launched an investigation into the breach. However, access to some systems has been interrupted in the process.

Ascension, a prominent health system operating 140 hospitals across 19 states and Washington, DC, was hit by a major cybersecurity breach, the health system said on Wednesday.

In a statement, the health system said that it detected an unusual activity within its network systems following which its clinical operations were disrupted.

The nonprofit and Catholic health system disclosed that it suspects a cyber security event, prompting an immediate response to investigate and mitigate the breach.

The scope of the breach remains under scrutiny.

The incident is the latest in the series of cybersecurity attacks on healthcare systems in the US.

Potential Impact of the Health Data Breach

On Wednesday, Ascension Health, a non-profit hospital chain in a statement said that the organization detected an “unusual activity” on select technology network systems, which they believe is due to a cyber security event.

Ascension Health said that they launched an investigation into the breach. However, access to some systems has been interrupted in the process. The healthcare provider further said that it is still assessing the impact and duration of the disruption.

“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption,” a statement by Ascension read.

The organization has enlisted the assistance of security vendor Mandiant to aid in the investigation and remediation process.

Furthermore, Ascension assured the public that it has notified the appropriate authorities and is diligently assessing the impact of the breach.

The health system, which boasts 134,000 associates and 35,000 affiliated providers, has also urged caution among its business partners, recommending a temporary suspension of connections to its environment until further notice.

“We will inform partners when it is appropriate to reconnect into our environment.

 This is an ongoing situation, and we will provide updates as we learn more," it said in the statement.

Recent Cybersecurity Incidents in the US Healthcare Sector

The cyberattack on Ascension Health Systems adds to a series of prominent cybersecurity incidents within the healthcare sector in recent years.

In February, a cyberattack targeting a unit within UnitedHealth Group subsidiary Optum, Change Healthcare, caused significant disruptions for US pharmacies and patients.

UnitedHealth was compelled to pay a $22 million ransom following the attack, which underscored the vulnerabilities stemming from a lack of multifactor authentication.

In January 2023, Lehigh Valley Health Network in Pennsylvania fell victim to a cybersecurity attack orchestrated by the ransomware gang known as BlackCat.

This attack affected over 2,700 individuals, leading to the unauthorized disclosure of sensitive patient data.

Furthermore, the US Department of Health and Human Services issued a warning last month, highlighting the sophisticated tactics employed by threat actors targeting IT help desks in the health sector.

Organizations were advised to implement stringent security measures, including the adoption of Microsoft Authenticator with number matching and the removal of SMS as a multifactor authentication verification option.

As cybersecurity threats continue to evolve, healthcare organizations face mounting pressure to fortify their defenses and safeguard patient information from malicious actors.