How an employee’s “honest mistake” led to a hack into the US healthcare system, Ascension

0
348
How an employee's
How an employee's "honest mistake" led to a hack into the US healthcare system, Ascension

In May 2024, Ascension experienced a ransomware attack that resulted in a data breach. Devices were disconnected, and recordkeeping was started on paper. No confirmed EHR data breach; services are back online.

One of the biggest names in US healthcare, Ascension, has disclosed that in May 2024, it was the victim of a ransomware attack that affected its phones, scheduling systems, and electronic health records system. The attack diverted emergency services to prevent backlogs, while non-emergent procedures and appointments were postponed. The method by which hackers obtained access to company data was that the attack was carried out after an employee downloaded a malicious file that was thought to be authentic. The company took some devices offline on May 8 to contain the incident and resorted to paper-based record-keeping for procedures and prescriptions.

“We have also identified how the attacker gained access to our systems. An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake,” the company said. While some services are back online, Ascension is still working to restore the full functionality of electronic health records, patient portals, phone systems, and scheduling systems.

During an investigation, the company discovered that hackers may have gained access to and possibly stolen files from seven servers out of Ascension’s 25,000-person network. These files may have contained personally identifiable information (PII) and protected health information (PHI) about patients. “Importantly, we have no evidence that data was taken from our Electronic Health Records (EHR) and other clinical systems, where our full patient records are securely stored,” the statement continued.

“With the assistance of outside cybersecurity specialists, we have made progress in both our investigation and recovery. We now have data that suggests the attackers were successful in obtaining files from a limited number of file servers that our associates mainly used for everyday and routine work. Seven out of the roughly 25,000 servers in our network are represented by these servers,” it continued. While Ascension hasn’t named the precise ransomware organization, CNN has revealed Black Basta’s connection, according to Bleeping Computer. Since its founding in April 2022, the ransomware gang Black Basta has targeted a number of well-known companies, including Rheinmetall, Capita, ABB, and the Toronto Public Library.

Also readUnveiling the Ethical Imperatives: Navigating the Intersection of AI and Cybersecurity

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter 

About us:

CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.