Breaking Point: How the Ascension Ransomware Siege Exposes America's Healthcare Cybersecurity Crisis.
A cyberattack has forced Ascension, a St. Louis-based nonprofit healthcare network, to divert ambulances from several hospitals, significantly disrupting patient care across its extensive operations. Ascension, which operates 140 hospitals and 40 senior living facilities across 19 states, revealed the incident on Thursday, highlighting a severe interruption to electronic health records, phone systems, and various medical ordering processes.
The cyberattack has been identified as a ransomware incident involving the Black Basta ransomware, which has increasingly targeted healthcare organizations. Ransomware attacks typically involve cybercriminals locking computers and stealing data to extort victims. This particular strain of ransomware, associated with a criminal group including Russian speakers, has recently intensified its assaults on the healthcare sector. The Health Information Sharing and Analysis Center issued an advisory on Friday, noting a surge in attacks by Black Basta, with at least two US and European healthcare organizations experiencing severe operational disruptions in the past month.
Ascension's response to the cyberattack includes implementing "downtime procedures," reverting to backup processes such as paper records to continue patient care amidst the digital blackout. The healthcare network has enlisted the expertise of prominent cybersecurity firm Mandiant to manage the recovery process and has notified federal authorities of the breach. Senior US officials, including frequent communications with Ascension CEO Joseph Impicciche, are closely monitoring the situation to assess the impact on patient care.
The incident follows a pattern of significant cyberattacks targeting US healthcare infrastructure, underscoring the sector's vulnerability. In February, a ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, caused widespread billing disruptions at pharmacies nationwide and threatened the financial stability of numerous healthcare providers. UnitedHealth CEO Andrew Witty testified before Congress that approximately one-third of Americans might have compromised their personal data, and the company paid a $22 million ransom to secure patient data.
These recurring cyber threats raise critical concerns about the robustness of America's healthcare cybersecurity defenses. Lawmakers are increasingly scrutinizing the systemic vulnerabilities that allow such disruptions, which have far-reaching implications for patient safety and the continuity of care. The Ascension cyberattack highlights the urgent need for enhanced cybersecurity measures and proactive threat management strategies within the healthcare sector to mitigate the cascading impacts of such incidents.
As Ascension continues to battle with the fallout from the ransomware attack, the broader healthcare community and federal authorities must grapple with the stark reality of cyber vulnerabilities and the imperative to fortify defenses against an ever-evolving threat landscape.
Sources:
