Paige Henley
Published on: May 15, 2024
Ascension Health System is working to restore its IT systems following a ransomware attack that has severely disrupted care at its network of hospitals across the United States. The attack, which impacted electronic health records and other critical systems, has forced medical staff to use paper-based records and led to several hospitals diverting emergency medical services.
Ascension has not publicly identified the cyber threat actor responsible for the attack. However, a CNN report on Friday suggested that the Black Basta ransomware group is believed to be behind the incident. This report coincided with a joint cybersecurity advisory revealing that Black Basta has affected over 500 organizations globally since its emergence in April 2022.
In an update on Saturday, Ascension stated, “We continue to diligently investigate and address the recent ransomware incident, working closely with industry-leading cybersecurity experts to assist in our investigation and restoration and recovery efforts. While we expect this process will take time to complete, we are making progress and systems are being restored in a coordinated manner at each of our care sites.”
The attack disrupted systems used for ordering tests, procedures, and medications, necessitating a switch to manual, paper-based processes. Ascension’s statement highlighted the ongoing efforts to restore normal operations, emphasizing the coordinated approach being taken across its facilities.
In response to the ransomware attack, Ascension took some of its health systems offline, which caused disruptions in specific operations. Nevertheless, the company emphasized its preparedness for such incidents through established contingency plans.
“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” Ascension stated.
Ascension is actively investigating to ascertain if any sensitive patient information was accessed and its nature, and will promptly notify the affected individuals.
“Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” said Ascension.
Source of Article