Cyberattack on Ascension system creates care disruptions

The bottom line

If the Change Healthcare cyber-fiasco was an earthquake, the Ascension cyberattack is a major aftershock that should solidify the realization that healthcare is in the crosshairs of cybercriminals.

What happened

In the afternoon Wed. May 8, Ascension IT leaders detected unusual activity on its network systems and called it a “cyber event” in a statement released that later that evening. The provider and its security partner Mandiant are investigating the origin and pathway(s) of the attack and whether there was any data breach.

Ascension also immediately launched remediation measures, including restricting access to certain systems and alerting all business partners to coordinate further safeguards.

The fallout

Ascension’s network of healthcare facilities spans 19 states and Washington DC, including 140 hospitals and roughly 35,000 affiliated providers. Disruptions to scheduling, prescription management, and clinical operations have been reported across this network. Some hospitals are on diversion status, sending certain new patients to other hospitals and facilities.

“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” the organization reported.

What it means

Large-scale cyberattacks on healthcare are the new norm. While Change Healthcare’s network and impact are wider and bigger, Ascension is one of the largest hospital networks in the United States.  Both incidents resulted in widespread care and technology disruptions across many states, and cybercriminals were targeting large, valuable healthcare datasets.

Swift, collaborative incident response is crucial. Ascension alerted partners and other stakeholders soon after it detected the cyber incident. This potentially allowed connected facilities to safeguard systems and data, potentially minimizing exposure and risk. Collaborating with peers across the industry and sharing threat intelligence is vital to staying ahead of attackers — associations like CHIME were able to alert their members to increase vigilance.

Zero Trust and proactive risk assessment are essential in today’s healthcare. The threat landscape is elevating, and many reported incidents were rooted in compromised authorized users, including in the vulnerable supply chain. Nothing inside or outside the network can be trusted without verification, and CIOs/CISOs need to thoroughly vet business partners and establish strict security protocols.

Sources and additional info

• Ascension’s initial alert
• Ascension hospitals facing widespread cyberattack. Here’s what we know so far (Pensacola News Journal)
• CHIME federal government cybersecurity resources
• Change Healthcare stolen data appears on dark web
• Congress interrogates UnitedHealth CEO over Change Healthcare cyberattack
• Digital Health Insights (powered by CHIME) Cybersecurity resources