Ascension’s Ransomware Attack Hampers Financial Recovery in FY24

The ransomware attack contributed to a $1.8 billion operating loss, although Ascension’s performance had shown signs of improvement before the breach.

Ascension, one of the largest Catholic health systems in the US, faced severe financial setbacks in FY24 due to a ransomware attack that disrupted operations in May. 

According to its recent financial filings, the cybersecurity breach delayed revenue cycle processes and negatively impacted cash flows. 

The attack contributed to a $1.8 billion operating loss, although Ascension’s performance had shown signs of improvement before the breach.

Losses Post-Ransomware Attack

In the fiscal year ending on June 30, 2024, Ascension logged a $1.4 billion loss from recurring operations, equating to a -4.9% recurring operating margin. 

The overall operating loss was $1.8 billion, including impairment and nonrecurring losses, and the net loss amounted to nearly $1.1 billion. 

Despite these figures, the organization’s financial performance improved over FY23, when it reported a $1.5 billion recurring operations loss and a $3 billion overall operating loss.

Before the ransomware attack, Ascension had nearly broken even. During the first 10 months of FY24, it had reduced its recurring operating loss to $79 million, with a recurring operating margin of -0.3%. The net loss during this period was only $4 million.

However, the ransomware breach led to significant disruptions in patient care systems, particularly Ascension's electronic health records (EHR). 

In its filing, Ascension stated, "This incident resulted in delays in revenue cycle processes, including insurance verification processes, claims submission, and payment processing, which collectively led to negative impacts to results of operations and cash flows during May and June 2024."

Although Ascension had restored its EHR systems by the end of FY24, the damage had already been done. Same-facility patient volumes in May and June were down by 8% to 12%, and exact full-year patient volume figures won’t be available until the second quarter of FY25. 

Management reported that across the first 10 months of the fiscal year, equivalent discharges rose by 2%, total discharges by 2.9%, and emergency room visits by 2.5%. Additionally, inpatient surgery visits increased by 2%, while outpatient surgery visits increased by 0.5%.

Total operating revenue across the first 10 months rose to $24.8 billion from $23.6 billion in FY23. However, full-year revenue growth was marginal, with Ascension reporting $28.6 billion in revenue, slightly up from $28.3 billion in FY23.

Ascension’s Ongoing Investigation

Ascension’s investigation into the ransomware attack is ongoing. The health system expects claims submissions for patients treated during the downtime to be completed by the end of the calendar year. 

In response to the attack, Ascension diversified its claims clearinghouses and received advanced government payments to stabilize its cash flow. The health system also tapped into its short-term liquidity reserves.

"Our balance sheet and liquidity levels remain strong, with approximately $41 billion in assets and over $15 billion in liquidity, which was built to weather a storm like this," stated Ascension’s EVP and Chief Financial Officer,  Saurabh Tripathi.

Furthermore, Ascension attributed the smaller increase in total operating expenses—$30.1 billion in FY24 compared to $30 billion in FY23—to its performance improvement measures and the sale of several hospitals. 

The restructuring efforts, particularly in Michigan and Illinois, contributed to $402 million in impairment and nonrecurring losses.

Stay tuned for more such updates on Digital Health News.