Cybercriminals don’t seem like they will stop using healthcare institutions as target practice anytime soon, as another major organization fell victim to a cyberattack this week.
Ascension, a St. Louis-based health system with 140 hospitals across 19 states, detected a hacker’s activity in its systems on Wednesday, it said in a notice posted on its website the next day.
“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” the notice read. “There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.”
Ascension said it has notified the proper authorities and is working with Mandiant — a cybersecurity firm owned by Google — to investigate the incident. The investigation has not yet shown that any sensitive information was impacted by the cyberattack.
The health system urged its business partners to temporarily disconnect themselves from all of Ascension’s systems.
The attack is affecting Ascension hospitals all over the country, including facilities in Texas, Florida, Michigan, Illinois, and Wisconsin.
The fact that Mandiant is involved is an indicator of a very serious situation, according to Satyam Tyagi, vice president of cybersecurity company ColorTokens.
“They are diverting ambulances, which shows they do not have trust in their systems to do proper patient care. The incident was noticed Wednesday, and even after 24 hours or more, the extent of damage or containment is not known. They have also requested that their partners disconnect from their network — another indicator that the extent of the damage has not yet been identified,” he wrote in a message to MedCity News.
Tyagi noted he has heard patient testimonies saying that Ascension providers are using paper charts, which indicates that not even backup recovery is online.
“At the moment, it seems that Ascension is doing everything they can, but recovery was not planned or effective. Moving forward, every hospital should thoroughly plan for breach and recovery and test those solutions extensively,” he wrote.
Another cybersecurity expert — Stephen Kowski, field chief technology officer at SlashNext — noted that Ascension’s decision to instruct partners to disconnect from its systems, while disruptive, is a necessary containment measure that underscores the sophistication of the attack.
In Kowski’s view, the Ascension’s cyberattack has similarities with the one waged against Change Healthcare.
“The similarity suggests a pattern that may involve advanced social engineering techniques, exploiting human vulnerabilities,” he remarked. “Healthcare organizations should adopt AI-powered security tools capable of detecting anomalous behavior indicative of social engineering to enhance their resilience against such coordinated attacks.”
These cyberattacks represent just two of the hundreds that have been waged against healthcare providers so far this year.
Given the soaring number of cybersecurity disasters in the healthcare sector, the Ascension news is unsurprising, wrote Douglas McKee, executive director of threat research at SonicWall.
“Healthcare continues to be a very lucrative and softer target for threat actors. It is imperative that we first recognize the challenges healthcare faces — it has two priorities, physical patient safety and the protection of patient data. Regulatory agencies and C-level executives must work together to understand the common areas between these two priorities — and work to ensure both are met efficiently and cost-effectively,” he wrote.
Photo: boonchai wedmakawand, Getty Images