Yet another cyberattack has been reported on a healthcare network. The most recent target is Ascension, a health system that includes 140 hospitals and 40 senior living facilities in 19 U.S. states.
The extent of the attack is still undetermined, and it's unclear who is behind the attack. There are also no details yet on any vulnerabilities exploited or how the attackers accessed the systems.
Ascension joins Change Healthcare and UnitedHealth in a growing list of health providers that targeted in cybersecurity attacks. The Change Healthcare and UnitedHealth cyberattack on February 21, 2024 impacted hundreds of pharmacies worldwide, patient care included, and appears to have been the work of the infamous ALPHV/BlackCat ransomware crew.
Here's a timeline of events involving the UnitedHealth/Change Healthcare attack and its impacts.
Ascension Provides Few Details on Attack
A statement on Ascension’s website said that on May 8 the organization “detected unusual activity on select technology network systems” due to a cybersecurity event.
“We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues,” the statement said.
Ascension, which is headquartered in St. Louis, Missouri, acknowledged that there has been a “disruption to clinical operations,” and it continues to assess the impact and duration of the disruption.
Mandiant, part of Google Cloud, is assisting in the investigation and remediation process.
“Together, we are working to fully investigate what information, if any, may have been affected by the situation” Ascension stated. “Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.”