In a new wave of attacks, a known non-profit healthcare provider, Ascension, revealed severe updates following the Black Basta ransomware attack. The Ascension ransomware attack struck in May 2024, infecting healthcare facilities and disrupting care, forcing staff to revert to paper charts. An employee unknowingly launched the attack by clicking a malicious file. While electronic health records (EHR) are believed to be safe, some patient data is stolen. Ascension is recovering systems and investigating the attack.
On June 12, Ascension disclosed that it had been subjected to an attack where cybercriminals exfiltrated files that included patients’ protected health information (PHI) and personally identifiable information (PII). The hack was said to have begun with an employee downloading a file containing the malware, which Ascension attributes to a genuine mistake.
Two days later, Ascension restored EHR access, heralding a return to routine clinical workflows. The healthcare provider’s transparency stands out, with experts like Toby Gouker of First Health Advisory applauding their openness and emphasizing the importance of preparedness and resilience against such attacks.
“Phishing and social engineering remain significant threats,” Gouker noted, highlighting the need for robust recovery strategies.
Ashley Leonard of Syxsense underscored Ascension’s commendable crisis management, contrasting it with United Healthcare’s slower recovery from a similar attack. Leonard praised Ascension’s non-punitive stance towards the involved employee, emphasizing the inevitability of human error.
John Bambenek of Bambenek Consulting pointed out that multiple technical safeguards failed, allowing a single click to cripple the system. He stressed that comprehensive security measures are essential to prevent such breaches.
The competent action taken by Ascension reassured the public that it would come clean again, not only restoring operations but also providing a framework for restoring patient trust, if not rebuilding it altogether. This demonstrates the actual effectiveness of a robust incident response plan.
