Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service

One of the largest healthcare systems in the United States is scrambling to contain a hack that’s causing disruption and “downtime procedures” at hospitals around the country.

Ascension, a non-profit that runs one of the largest healthcare systems in the United States, is scrambling to contain a significant cyberattack currently causing disruption and “downtime procedures” at hospitals around the country.

The St Louis healthcare giant said computer systems affected include electronic health records, the MyChart patient communication portal, certain phone systems, and systems used for ordering tests, procedures, and medications.

After discovering the hack on May 8, Ascension said it activated downtime procedures and temporarily suspended non-emergent elective procedures to focus on urgent care. Several hospitals have also diverted emergency medical services to ensure prompt triage of critical cases, the company said.

“We have determined this is a cybersecurity incident. We are working around the clock with internal and external advisors to investigate, contain, and restore our systems following a thorough validation and screening process. Our investigation and restoration work will take time to complete, and we do not have a timeline for completion,” the company said in a note posted online.

“It is expected that we will be utilizing downtime procedures for some time. Patients should bring to their appointment notes on their symptoms and a list of current medications and prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies,” Ascension said.

Details on the intrusion are scarce but the early bet is on a ransomware infection with severe offline ramifications, including the diversion of emergency medical services and the pausing of non-emergency elective procedures.

“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.”

Ascension said it is working with Google’s Mandiant unit on the investigation and remediation process.

Advertisement. Scroll to continue reading.

Ascension has about 142,000 employees managing hundreds of hospitals and 40 senior living facilities across the United States.

News of the Ascension hack breach comes just 24 hours after Dell Technologies sent notices to millions of customers warning that data including full names and physical addresses was stolen during a security incident.

Dell did not provide any details on the breach beyond a brief statement mentioning “an incident involving a Dell portal, which contains a database with limited types of customer information. The company confirmed that data accessed include customer names, physical mailing addresses and information on Dell hardware and order information.

The pilfered data also included order service tags, item description, dates of orders and customer warranty information.

“The information involved does not include financial or payment information, email addresses, telephone numbers or any highly sensitive customer information,” Dell added.

Related: What’s Behind the Healthcare Ransomware Epidemic?

Related: Change Healthcare Hack Due to a Lack of Multifactor Authentication

Related: Ransomware Group Starts Leaking Data Stolen From Change Healthcare

Related: Dell Says Customer Names, Addresses Stolen in Database Breach

Related: Zscaler Investigates Hacking Claims After Data Offered for Sale

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights