US faith-based healthcare org Ascension says ‘cybersecurity event’ disrupted clinical ops

Healthcare organization Ascension is the latest of its kind in the US to say its network has been affected by what it believes to be a “cybersecurity event.”

In a statement posted to its website on Wednesday, Ascension said it detected “unusual activity” on select networks earlier that day and recommended its partners suspend all connections to Ascension systems.

“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” it said. “There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.”

Incident response specialists at Mandiant were called in to investigate, Ascension confirmed, and the relevant authorities have been made aware.

“Together, we are working to fully investigate what information, if any, may have been affected by the situation,” it went on to say. “Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.”

It’s still early days in the investigation, and as such there are very few details that have been officially confirmed. However, a source with close ties to Ascension told The Register there are signs that ransomware may be involved.

The source claimed all virtual desktop infrastructure (VDI) and virtual private network (VPN) connections are down across the US and that the “disruption to clinical operations” mentioned in Ascension’s statement has left at least some partners resorting to pen and paper operations.

Some computers used by Ascension staff are also displaying ransomware messages, we’re told.

The Register asked Ascension about the veracity of these claims and it did not confirm or deny them, merely pointing us back to its website statement.

Attacks on US healthcare continue

Ascension describes itself as one of the US’ leading faith-based providers of healthcare, running 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia.

Over the course of 2023, it was responsible for 599,000 surgeries, 349,000 urgent care visits, and 79,000 births. Ascension is driven by the Catholic faith and places special attention to serving the poor and otherwise vulnerable.

The incident is the latest in a long line of attacks by cybercrims on major healthcare organizations. UnitedHealth’s Change Healthcare represents perhaps the most high-profile healthcare incident of the year so far, whose nightmare ransomware attack is has to date cost it close to $1 billion.

The healthcare industry is a prime target for online attackers and has been for years. The combination of the sector’s often aging systems and the necessity for 24/7 uptime means ransomware miscreants in particular favor healthcare targets due to the perceived increased likelihood of victims paying for a quick restoration.

CISA has advocated for stronger cyber protections in the sector for years, especially since foreign adversaries are known to target it and other critical infrastructure organizations regularly.

The US infosec agency also cited attacks on healthcare and other critical orgs in recent calls to stamp out directory traversal vulnerabilities, which have pervaded software for decades despite methods to eliminate them being known since the nineties.

CISA launched its Ransomware Vulnerability Warning Pilot scheme in January 2023 to help critical infrastructure organizations more swiftly patch vulnerabilities associated with ransomware activity. In its first year, 852 bugs were squashed thanks to the scheme, saving the economy a great deal of money and organizations substantial disruption. ®

READ MORE HERE