Ascension Attack Caused by Employee Downloading Malicious File

Ascension has revealed that ransomware attackers gained access to its systems after an employee accidentally downloaded a malicious file.

The incident, which took place in May 2024, forced the US private healthcare provider to divert ambulances and postpone patient appointments.

Additionally, the attack prevented access to electronic health records (EHR), and took down various systems used to book tests, procedures and medications. Ascension is still working to restore its systems. The attack has been determined to be ransomware.

In an update on June 12, an Ascension spokesperson said the company had identified the source of the attack, stating: “An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate.”

There is no further information about the source of the malicious file, but it seems likely to be a phishing-related attack.

Ascension emphasized that it has no reason to believe the employee acted maliciously, describing it as an “honest mistake.”

Evidence of Patient Data Theft

The Ascension spokesperson also said there is evidence that indicates the attackers stole files that may contain protected health information (PHI) and personally identifiable information (PII) of patients.

These files came from seven servers used by associates primarily for daily and routine tasks.

The specific data accessed may differ from individual to individual, the spokesperson added. However, the company is continuing to work with third-party cybersecurity experts to ascertain the exact nature of the data breach before it is able to notify affected individuals and appropriate regulatory bodies.

“Right now, we don’t know precisely what data was potentially affected and for which patients. In order to reach those conclusions, we need to conduct a full review of the files that may have been impacted and carefully analyze them. While we have started this process, it is a significant undertaking that will take time,” Ascension commented.

There is no evidence that data was taken from EHR and other clinical systems.

Complimentary credit monitoring and identity theft protection services are being offered to any Ascension patient or associate who requests them.

Ascension System Recovery

In an earlier update on June 11, Ascension said it had successfully restored EHR access for 14 locations and was working to complete restoration by June 14.

However, medical records and other information collected between May 8 and the date of the local EHR restoration may not be accessible as the company works on uploading the information collected during the system downtime.

In the UK, two leading London hospitals were forced to cancel operations and divert emergency patients at the start of June following a cyber-attack on a critical supplier of pathology services.

On June 10, the NHS issued an urgent appeal for blood donors and volunteers amid the immediate and significant knock-on effect on blood transfusions and test results caused by the incident.
