Ascension Healthcare Suffers Major Cyberattack

  /     /     /  
Publicated : 23/11/2024   Category : security


Ascension Healthcare Suffers Major Cyberattack


The attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos.



Healthcare provider Ascension, which operates 140 hospitals across 19 states, fell victim to a cyberattack that took down multiple essential systems including electronic health records (EHRs), the MyChart platform for patient communication, and certain medication and test-ordering systems.
The organization disclosed the attack on May 8 and said it is actively investigating it with internal and external advisers, prioritizing patient safety amid the disruption.
According to a
report
in the Detroit Free Press, employees became aware of computer network issues on May 7, which prompted a shutdown of the entire system.
The provider has temporarily paused non-emergency medical procedures and appointments, and some hospitals are diverting emergency medical services. Patients were advised to bring relevant medical information to appointments due to system limitations.
We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, a
company statement said
. It is expected that we will be utilizing downtime procedures for some time.
The organization has tapped incident response help from Mandiant for investigation and remediation efforts. It is unknown if any patient data was exposed in the attack.
We are working to fully investigate what information, if any, may have been affected by the situation, Ascension said. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.
Ascensions cyberattack comes on the heels of a February ransomware attack on United Healthcares Change Healthcare subsidiary, which caused chaos for days with outages across multiple hospitals and facilities.
Mark Manglicmot, senior vice president of security services for Arctic Wolf, says Ascensions cyber incident is a grim reminder that healthcare organizations are an incredibly hot target, and
attacks on their infrastructure
have consequences far beyond a ransom demand.
He points out that healthcare organizations not only hold the keys to troves of personal and confidential information on patients, but they also have mass networks of critical medical technology.
Bad actors holding medical data hostage and turning off medical equipment can directly threaten thousands of lives, and the longer the intrusion persists, the greater the risk. 
Last year, the median ransomware demand in the healthcare industry was $450,000; although this is a steep ask, its important to consider that the human impact of a healthcare incident is a far greater lever that threat actors are using to achieve their financial and notoriety goals, he says.
Kurt Osburn, director of risk management and governance at NCC Group, notes how
healthcare is an easy target
as well.
Within hospitals, there are so many people and entry points to get information from that it can take a significant effort and cost to secure it all, he says. No healthcare attacks are surprising, unfortunately. The industry is a priority target for attackers because of the value of the information.
Manglicmot says the top attack methods his firm sees over and over are the exploitation of long-known external facing vulnerabilities and phishing attacks.
Although these are tried-and-true methods of exploitation, organizations struggle to shore up all the weaknesses here, putting patient health and safety at risk, he says.
He advises that when recovering from an incident, prioritize patching external-facing vulnerabilities and establish a comprehensive top-to-bottom 24x7 security operations capability.
Without these in place, the risk of a repeat, successful attack is very high, he cautions.
Osburn says healthcare organizations must prioritize cybersecurity and make a more concerted effort to
protect patient data privacy and security
.
Dont just accept the risk of being hacked — proactively prevent, detect, and respond to threats, he advises. Have safeguards in place for storing, accessing, and sharing sensitive personal health information to limit the impact if a breach occurs.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Ascension Healthcare Suffers Major Cyberattack