Major US private healthcare organization goes offline after ‘cybersecurity event’

Ascension says employee mistake led to ransomware attack

American private healthcare company Ascension took some of its systems offline after suffering a cyberattack.

The company is one of the largest private health systems in the U.S., with more than 8,500 providers, 35,000 affiliated providers and 134,000 associates. It also operates 140 hospitals and 40 senior care facilities in 19 U.S. states and the District of Columbia.

Ascension issued a statement yesterday (May 8) saying it had concluded that the suspicious activity detected on its systems was the result of a “cybersecurity event.”

“At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. “Access to some systems has been disrupted as this process continues,” he said.

The company has also reported that its business partners are also temporarily suspending connections to Ascension’s systems “out of an abundance of caution” and will inform them when to reconnect.

Additionally, Ascension said that due to the outage, clinical operations have been disrupted and investigations are ongoing.

“Our care teams are trained for these types of disruptions and have initiated procedures to ensure patient care remains safe and with as little impact as possible.

“There has been a disruption to clinical operations and we continue to evaluate the impact and duration of the disruption,” he said.

The healthcare organization said it had retained the assistance of cybersecurity firm Mandiant to assist in the investigation and assist the company in its remediation process. In addition, the company reiterated that it had notified the authorities of the incident. At this time, it is unclear if any information has been extracted or accessed by any threat actors.

“Together, we are working to fully investigate what information, if any, may have been affected by the situation. “If we determine that any confidential information has been affected, we will notify and support those individuals in accordance with all relevant legal and regulatory guidelines,” Ascension said.

The attack on Ascension comes just months after the largest US healthcare company, UnitedHealth, was hit by a devastating ransomware attack.

Change Healthcare, a subsidiary of UnitedHealth, was hacked in February. The company originally blamed state-sponsored hackers before ALPHV took credit for the attack.

ALPHV received a $22 million ransom, which it then pocketed without paying the affiliate behind the attack, claiming it had been eliminated by the FBI as an exit strategy. Despite the annoying back-and-forth, the affiliate, Notchy, was never paid and therefore Change Healthcare’s systems were not restored and the stolen data was not deleted.

RansomHub then claimed to have Change Healthcare’s data and demanded that the organization pay them a ransom.

After failing to pay the ransom for the second time, RansomHub put Change Healthcare’s data up for sale. It was later discovered that the threat actors gained access to the company’s systems using compromised credentials to access a company’s Citrix portal.

UnitedHealth CEO Andrew Witty said a “substantial proportion” of Americans were affected by the attack, later revealing that the number was “about a third” of all Americans.

Witty also took responsibility for paying the $22 million ransom.

Leave a Reply

Your email address will not be published. Required fields are marked *