Ascension Healthcare Network Cyber Attack Disrupts Operations at Numerous Hospitals Across the US

A cyber attack disrupted Ascension Healthcare Network systems, forcing hospitals to divert patients, reschedule appointments, and resort to manual systems.

“On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event,” the company spokesperson said in a May 9 statement.

Ascension is a nonprofit Catholic healthcare network with over 140 hospitals in 19 states and Washington, D.C. Its workforce includes 8,500 providers, 35,000 affiliates, and 134,000 associates. In 2023, the healthcare provider reported $28 billion in annual revenue.

Responding to the cyber attack, Ascension pulled some health systems offline, disrupting certain operations. However, the company said it was prepared for such eventualities with established contingency plans.

“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” said Ascension.

Cyber attack disrupts clinical operations at Ascension Healthcare Network hospitals

Although Ascension was prepared for such disruptions, several hospitals reported interruptions significantly impacting healthcare service delivery.

“There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption,” said Ascension.

The St. Louis-based healthcare network said the cyber attack disrupted some phone systems, MyChart (which allows patients to view their health records and contact providers), and some systems for ordering certain tests, procedures, and medications.

“We have to write everything on paper,” a doctor, who confirmed having training for such disruptions, told The Detroit Free Press. “It’s like the 1980s or 1990s. You go to the X-ray room to look at the X-rays on film, you call the lab they tell you what the results are over the phone.”

Subsequently, the healthcare network has initiated “established protocols and procedures to address these particular system disruptions,” the company spokesperson said.

Nevertheless, some “non-emergent elective procedures, tests, and appointments” were temporarily rescheduled, while some hospitals diverted ambulances to ensure seriously ill patients were promptly treated.

Similarly, walk-in patients were requested to carry appointment notes, a list of current medications, and prescription numbers or bottles.

Ascension suggested that restoring the impacted systems would take time and that downtime procedures would remain active for some time. Typically, recovery from a ransomware attack can take months, since responders must identify the attack vector, eject the threat actor, and reconstruct the infrastructure.

Healthcare network cyber attack likely leaked patient data

The healthcare network suspects the cyber attack may have resulted in data exfiltration. Ascension said it is working to determine whether any sensitive patient information was accessed and, if so, its nature, and will soon notify the impacted individuals.

“Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” said Ascension.

Meanwhile, the healthcare network has notified relevant authorities and hired Alphabet’s cybersecurity firm, Mandiant, to assist in remediation efforts and subsequent investigations.

Ascension has not disclosed the nature of the cyber attack, although it bears the hallmarks of a ransomware incident. The healthcare network advised business partners to “temporarily suspend the connection to the Ascension environment.”

Healthcare organizations are under attack

“The Ascension breach is yet another reminder that all hospitals and healthcare organizations are caught in the crosshairs of motivated and highly skilled ransomware gangs,” said Dan Lattimer, Vice President of Semperis. “Time and time again, hospitals are paying ransoms because of the very nature of their work to treat the sick and maintain a high standard of patient care. Any disruptions to the hospital network put patients’ lives at risk.”

Citing anonymous sources, CNN has suggested that the Ascension cyber attack was a ransomware incident carried out by the infamous Black Basta ransomware gang.

“So we’re just getting word that Black Basta is behind this attack at Ascension Healthcare, and this in the same week that the LockBit ransomware group claimed the attack on the city of Wichita, taking down their network and demanding a ransom,” said Steve Hahn, Executive Vice President of BullWall. “This marks a worrying trend. Russian ransomware groups, such as BlackBasta, LockBit, and Blackcat (AlphV), are intensifying their focus on U.S. healthcare. These actions follow the FBI’s operation against Blackcat’s infrastructure, with both groups vowing increased attacks on this sector.”

Speaking to CBS News, U.S. Department of Health and Human Services Secretary Xavier Becerra warned that healthcare networks faced a significant cyber risk due to consolidation and dependence on a few vendors.

HHS also warned that cybercriminals were using social engineering tactics against health IT help desks to gain access. In May 2024, Health-ISAC also warned that the Black Basta ransomware gang had emerged as “a major threat to the healthcare industry.”

Meanwhile, Ascension is yet to disclose the attack vector or the threat actor’s identity. Ransomware attacks typically involve data exfiltration followed by ransom demands. So far, the healthcare network has not reported being in contact with any cybercrime group.

In February 2024, UnitedHealth Group’s subsidiary Change Healthcare suffered a ransomware attack that disrupted operations nationwide across various hospitals and pharmacies. Subsequently, the healthcare giant paid $22 million in ransom to prevent a third of Americans’ sensitive health information from leaking online.

“Breaches will occur, sensitive data could be exposed, and companies could experience months of disruptions,” warned Lattimer. “Look at Change Healthcare as an example. They reportedly paid a $22 million ransom, and on top of that nationwide recovery costs have already surpassed $1 billion.”

“As hospitals increasingly rely on technology to build their infrastructure, divisions such as patient care, research, billing, and more become more vulnerable to external threats and cyber attacks,” said Tamara Kirchleitner, Senior Intelligence Operations Analyst at Centripetal. “This not only jeopardizes data and network security but also endangers the lives of patients themselves.”