While technological advancements have revolutionized healthcare, they’ve also opened new avenues for exploitation by cybercriminals. Ascension is one of the latest healthcare providers to fall victim to a large-scale ransomware attack. Ascension operates 140 hospitals and 40 long-term care centers across 19 states. The health system attends to 3.1 million emergency and 349,000 urgent care visits annually. More than 16.4 million patients rely on its physician offices and clinics.
The cyber-attack occurred on May 8, 2024, and has blocked access to Ascension’s electronic health records system and its MyChart system which gives patients access to their records. The attack has caused Ascension hospitals in various states to divert ambulances to other facilities and reroute patients to non-Ascension hospitals. Although hospitals remain open and operational, the attack has caused facilities to revert back to pen and paper operations causing significant delays in patient care. The hospitals have had to pause non-emergent elective procedures, tests, and appointments while the system remains compromised. Ascension is also unable to fill prescriptions at its pharmacies and has directed patients to ask their doctors to send their prescriptions elsewhere until they are able to get their systems back online. The ramifications of such attacks extend beyond operational inconvenience; they directly affect patient care.
The ransomware group “Black Basta” seems to be responsible for this attack. This group is known for its “double extortion attack,” which is when they first encrypt patient data and then threaten to leak the sensitive information to the public on the dark web. Black Basta is also the name of the type of ransomware used in this attack, and it has been used to encrypt and, in some cases, steal data from at least 12 out of 16 critical infrastructure sectors including Healthcare and Public Health. Black Basta ransomware has been used to exploit vulnerabilities in ConnectWise and ScreenConnect since just February of this year.
In the wake of Ascension’s ordeal, there has been a call for collective action. Healthcare providers, policymakers, and technology experts must collaborate to fortify defenses against cyber threats.
The attorneys at Chilivis Grubman advise clients of all types regarding cyber security issues, including ransomware attacks. If you need help with such a matter, contact us today.