Ascension Health Care [3] [5] [8] [9] [11], a nonprofit Roman Catholic health ministry [9], experienced a cyberattack on May 8, disrupting its clinical operations [9] [11].
Description
The attack, believed to be carried out by the Black Basta ransomware gang, affected services at Ascension’s 140 hospitals nationwide [8], including three in the Jacksonville area [8]. Ambulances were redirected [3] [9], patient appointments were postponed [6], and hospitals had to go on diversion for emergency services. The electronic health records system was impacted [5] [10], leading staff to rely on paper records while systems are being restored and potential data breaches are being assessed. Phone systems and ordering systems within the network were also disrupted. Ascension has not disclosed if a ransom demand was made or paid [8], but the company has notified federal authorities, hired cybersecurity firm Mandiant [2], and shut down systems to mitigate the impact of the attack [2]. The FBI is assisting in recovery efforts, as this incident is part of a trend of cyberattacks on major healthcare providers in the US [10]. Other organizations like Change Healthcare and Lurie Children’s Hospital have also been victims of ransomware attacks earlier this year [10]. The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to similar organizations to be vigilant [9]. The Black Basta gang [2] [6] [7] [9] [10], a Russian-linked Ransomware-as-a-Service (RaaS) operation [6] [9], has breached over 500 organizations between April 2022 and May 2024 [9], encrypting and stealing data from critical infrastructure sectors [9]. Healthcare organizations are attractive targets for ransomware attacks due to their size [9], technological dependence [9], and access to personal health information [9]. The gang employs common initial access techniques such as phishing and exploiting known vulnerabilities [9], and uses a double-extortion model to extort victims [9]. Victims of ransomware attacks are urged to report incidents to the FBI or CISA [9]. The US government is investigating to determine if protected health information was compromised [6]. The Black Basta ransomware [1] [2] [7] [8] [9] [11], a ransomware-as-a-service variant first identified in April 2022 [7], has targeted over 500 private industry and critical infrastructure entities [7], including healthcare organizations [1] [4] [7] [8] [11], in North America [7], Europe [7] [11], and Australia [7]. Organizations are advised to implement provided mitigations to reduce the likelihood and impact of Black Basta and other ransomware incidents [7]. The attack caused hospitals to divert ambulances [3], postpone medical tests [3], and block online access to patient records [3]. Patients reported missing CT scans [3], mammograms [3], and prescription refills [3]. Hospital staff had to resort to paper records [3], slowing down operations [3]. The attack highlights the increasing threat of ransomware in the healthcare sector [3], with data theft and extortion becoming common tactics [3]. Ascension is working with external advisors to investigate and restore its systems [5], but there is currently no timeline for full restoration [5]. The Health Information Sharing and Analysis Center issued a threat alert about the Russia-backed ransomware group Black Basta targeting the healthcare sector [11], with the American Hospital Association sending cybersecurity advisories to its members [11]. Ascension health system in St [3] [5] [11]. Louis experienced a major cyberattack impacting clinical operations [11], with disruptions reported in imaging and IT services [11]. Black Basta ransomware attacks have caused operational disruptions in healthcare organizations in Europe and the US [11], prompting urgent action to defend against the threat [11]. Ascension detected unusual activity on its systems [11], leading to downtime procedures and loss of access to electronic health records [11], lab systems [11], and communication tools [11]. The incident underscores the importance of information sharing to improve defense mechanisms in the healthcare sector [11]. Black Basta ransomware has extorted over $100 million and is considered a major threat to the industry [11]. The cyber attack on Ascension hospitals [11], causing ambulance diversions [10] [11], was reportedly caused by Black Basta ransomware [11]. Information security experts have highlighted the sophistication of the attack and recommended adopting AI-powered security tools to enhance resilience against coordinated attacks [11]. Healthcare organizations face challenges in allocating budget increases for security protections [11], leading to calls for government funding to protect critical sectors [11]. Ascension has notified law enforcement and government partners [11], sharing threat intelligence to prevent similar incidents [11].
Conclusion
The cyberattack on Ascension Health Care highlights the urgent need for healthcare organizations to enhance their cybersecurity measures to protect against ransomware threats. The incident underscores the importance of information sharing [11], the adoption of AI-powered security tools, and the allocation of budget increases for security protections [11]. Government funding may be necessary to safeguard critical sectors from future attacks.
References
[1] https://www.pnj.com/story/news/2024/05/13/ascension-cyberattack-investigation-still-ongoing-latest-info/73671881007/
[2] https://www.cnn.com/2024/05/10/tech/cyberattack-ascension-ambulances-hospitals/index.html
[3] https://apnews.com/article/cyberattack-hospital-system-ambulances-diverted-ascension-728ab2a0e5afaf7c344e46a5ce5ca42c
[4] https://arstechnica.com/security/2024/05/black-basta-ransomware-group-is-imperiling-critical-infrastructure-groups-warn/
[5] https://www.crn.com/news/security/2024/black-basta-ransomware-attack-brought-down-ascension-it-systems-report
[6] https://www.infosecurity-magazine.com/news/ascension-ransomware-diverts/
[7] https://www.cisa.gov/news-events/alerts/2024/05/10/cisa-and-partners-release-advisory-black-basta-ransomware
[8] https://www.jacksonville.com/story/news/healthcare/2024/05/13/ransomware-at-ascension-hospitals-including-jacksonville-probed/73669372007/
[9] https://securityboulevard.com/2024/05/ascension-black-basta-cisa-richixbw/
[10] https://chicago.suntimes.com/health/2024/05/13/ransomware-ascension-hospital-black-basta
[11] https://www.healthcareitnews.com/news/aha-h-isac-warn-hospitals-about-black-basta-following-ascension-cyberattack
