Written by : Dr. Aishwarya Sarthe
May 13, 2024
There has been an adverse effect on critical systems at Ascension, which comprises 140 hospitals and 40 senior living facilities across the United States.
The Ascension Health System, which operates 140 hospitals across 19 states and Washington, DC, has been thrown into disarray by a significant cybersecurity incident. The disruption, detected on May 8th, has led to disabled systems, paused procedures, and diverted ambulances.
Ascension, comprising 140 hospitals and 40 senior living facilities across the United States, disclosed that clinical operations have been hampered, with access to critical systems affected.
The extent of the incident remains unclear as Ascension Health continues its investigation. The organization has confirmed the activation of remediation processes and enlisting Mandiant, a third-party cybersecurity firm, to assist. However, details regarding data compromise and the scale of disruptions are yet to be fully ascertained.
In response to the incident, Ascension has urged its business partners to temporarily disconnect from its technology environment, emphasizing caution amidst ongoing evaluations. Furthermore, the healthcare giant has notified appropriate authorities and vowed to provide updates as the situation unfolds.
Patients scheduled for appointments at Ascension facilities face disruptions, with electronic health records systems and essential communication channels rendered inaccessible. In light of this, Ascension advises patients to bring detailed medical information to their appointments, facilitating smoother care delivery despite the technological setback.
An Ascension spokesperson commented, "It is expected that we will be utilizing downtime procedures for some time." The organization's proactive measures aim to mitigate inconveniences, with patient safety remaining a top priority.
Ascension's response includes diverting ambulances with medically stable patients to alternative healthcare providers while ensuring continued acceptance of individuals requiring immediate life-saving treatment. Healthcare practitioners have adapted by reverting to manual record-keeping and non-digital care procedures, ensuring uninterrupted patient care delivery.
"We understand the frustration this may cause and sincerely regret any inconvenience to our patients," expressed the Ascension spokesperson, acknowledging the challenges faced by patients and staff amidst the disruption.
The cybersecurity incident at Ascension Health underscores the pervasive threat healthcare organizations face. With the healthcare sector increasingly reliant on digital infrastructure, ensuring robust cybersecurity measures is imperative to safeguard patient data and uphold uninterrupted care delivery.
Ascension Health has activated its trained care teams to navigate disruptions effectively in response to the incident. These teams are equipped with procedures designed to maintain patient safety and minimize the impact of operational challenges.
The cyberattack on Ascension Health Systems adds to a series of prominent cybersecurity incidents within the healthcare sector in recent years.
In February, a cyberattack targeting a unit within UnitedHealth Group subsidiary Optum, Change Healthcare, caused significant disruptions for US pharmacies and patients.
UnitedHealth was compelled to pay a $22 million ransom following the attack, underscoring the vulnerabilities stemming from a lack of multifactor authentication.
In January 2023, Lehigh Valley Health Network in Pennsylvania fell victim to a cybersecurity attack orchestrated by the ransomware gang known as BlackCat.
This attack affected over 2,700 individuals, leading to the unauthorized disclosure of sensitive patient data.
Furthermore, the US Department of Health and Human Services issued a warning last month, highlighting the sophisticated tactics employed by threat actors targeting IT help desks in the health sector.
Organizations were advised to implement stringent security measures, including adopting Microsoft Authenticator with number matching and removing SMS as a multifactor authentication verification option.
In a landscape marked by evolving cybersecurity threats, the incident serves as a reminder of the critical importance of robust security protocols in safeguarding sensitive healthcare information and maintaining uninterrupted patient care delivery.