Share this article on:
US private healthcare company Ascension has taken some of its systems offline after it suffered a cyber attack.
The company is one of the largest private healthcare systems in the US, with over 8,500 providers, 35,000 affiliated providers and 134,000 associates. It also operates 140 hospitals and 40 senior care facilities in 19 US states and the District of Columbia.
Ascension issued a statement yesterday (8 May) saying that it had concluded that suspicious activity detected on its systems was the result of a “cyber security event”.
“At this time, we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues,” it said.
The company has also advised that its business partners also temporarily halt connections with Ascension’s systems “out of an abundance of caution” and that they will inform them when to reconnect.
Additionally, Ascension said that due to the outage, clinical operations have been disrupted and that investigations are ongoing.
“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.
“There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption,” it said.
The healthcare organisation said it had engaged the assistance of cyber security firm Mandiant to aid in the investigation and assist the company in its remediation process. Additionally, the company iterated that it had notified the authorities of the incident. At this stage, it is unclear if any information has been exfiltrated or accessed by a threat actor.
“Together, we are working to fully investigate what information, if any, may have been affected by the situation. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” Ascension said.
The attack on Ascension comes only months after the largest US healthcare company, UnitedHealth, was hit by a devastating ransomware attack.
Change Healthcare, a subsidiary of UnitedHealth, was hacked in February. The company originally blamed state-sponsored hackers before ALPHV took credit for the attack.
ALPHV was paid a ransom of US$22 million, which it then pocketed without paying the affiliate behind the attack, claiming it had been taken down by the FBI as an exit strategy. Despite an angry back and forth, the affiliate, Notchy, was never paid, and thus Change Healthcare’s systems were not restored, and stolen data was not deleted.
RansomHub then claimed to have the Change Healthcare data and demanded that the organisation pay them a ransom.
After not paying the ransom a second time, RansomHub listed Change Healthcare’s data for sale. It was later discovered that the threat actors gained access to the company’s systems by using compromised credentials to access a company Citrix portal.
UnitedHealth chief executive Andrew Witty said that a “substantial proportion” of Americans were affected by the attack, only to later reveal that the number was “close to a third” of all Americans.
Witty also took responsibility for paying the US$22 million ransom.