Ascension Healthcare: Major Cyberattack Disrupts Clinical Operations in Over 140 Hospitals

Southfield, Mich., Michigan United States of America
Ascension, a healthcare network with over 140 hospitals in 19 states, experienced a cybersecurity event on May 8, 2023.
Disruptions to clinical operations include interruptions to systems used for ordering tests, procedures, and medications.
Mandiant, a third-party expert firm, has been engaged for investigation and remediation efforts.
Some hospitals have had to divert ambulances due to disrupted electronic health records and phone systems.
The extent of patient care delivery impact is still being assessed.
Ascension Healthcare: Major Cyberattack Disrupts Clinical Operations in Over 140 Hospitals

A major cybersecurity event at Ascension, a healthcare network with over 140 hospitals in 19 states, has caused significant disruptions to clinical operations. The incident was first detected on May 8, 2023, and since then, some technology network systems have been interrupted during the investigation and remediation process. Ascension has engaged Mandiant, a third-party expert firm, to assist in the investigation and remediation efforts.

The cybersecurity event has affected various systems utilized to order tests, procedures, and medications. Some hospitals have had to divert ambulances due to the disruption in electronic health records and phone systems. The extent of the impact on patient care delivery is still being assessed.

Ascension encourages all business partners to coordinate with their technology partners regarding any specific questions related to the incident. The organization has notified appropriate authorities and is working closely with them to fully investigate what information, if any, may have been affected by the situation.

The cybersecurity event at Ascension follows a similar pattern as other major US organizations that have been targeted by cybercriminals in recent years. In February 2024, Change Healthcare, a subsidiary of health care giant UnitedHealth Group, experienced a ransomware attack that caused billing disruptions and threatened some health providers with going out of business. The incident affected approximately one-third of Americans and resulted in UnitedHealth paying a $22 million ransom to the cybercriminals to protect patient data.

The cybersecurity event at Ascension highlights the growing vulnerability of America's healthcare system to disruptive cyberattacks with cascading impacts. It is essential for healthcare organizations to prioritize their cybersecurity efforts and invest in robust security measures to protect sensitive patient information and maintain uninterrupted care delivery.



Confidence

85%

Doubts
  • Is all patient data compromised?
  • What type of cybercriminal was responsible for the attack?

Sources

96%

  • Unique Points
    • Ascension, a major US health care network based in St. Louis, is diverting ambulances from several of its hospitals due to a cyberattack.
    • The cyberattack on Ascension has disrupted access to electronic health records, some phone systems, and various systems utilized to order tests, procedures, and medications.
    • It is not clear how many Ascension hospitals are sending ambulances to other locations because of the cyberattack. An Ascension spokesperson did not immediately respond for comment.
    • The cyberattack on Ascension follows a similar playbook as other American organizations that have been assaulted by cybercriminals, including notifying federal authorities and hiring prominent US cybersecurity firm Mandiant to recover from the incident.
    • It is the latest major hacking incident to hobble a big US health care network and sent US officials scrambling for support.
    • A February ransomware attack on Change Healthcare, a subsidiary of health care giant UnitedHealth Group, caused billing disruptions at pharmacies across the US and threatened some health providers with going out of business. A third of Americans may have had their personal data swept up in the hack.
    • UnitedHealth paid a $22 million ransom to cybercriminals to try to protect patient data following the Change Healthcare hack.
  • Accuracy
    • Access to some systems has been interrupted with remediation efforts in progress.
    • It is not clear how many patients were impacted by the breach and which hospitals are affected.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (85%)
    The article contains a few instances of inflammatory rhetoric and appeals to authority. It uses loaded language such as 'major US health care network' and 'cyberattack forces', which can create a sense of urgency and fear. Additionally, the author refers to Ascension as a 'sprawling health care network' which can be seen as an appeal to authority due to the impressive scale of its operations.
    • . . . A major US health care system said Thursday that it is diverting ambulances from “several” of its hospitals following a cyberattack this week.
    • The sprawling health care network, which also owns 40 senior living facilities, said that it would be using “downtime procedure for some time,” because of the cyberattack.
    • It’s only the latest major hacking incident that has hobbled a big US health care network and sent US officials scrambling to offer support.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

81%

  • Unique Points
    • It is not clear if this was a ransomware attack or not.
    • Healthcare providers across the US have experienced a spike in ransomware attacks in recent years, with 77 such attacks reported in the US since February 1, 2024.
  • Accuracy
    • The number of hospitals affected is not clear.
    • There is uncertainty about how many patients were impacted by the breach.
  • Deception (35%)
    The article reports on a cybersecurity event at Ascension Healthcare Network without disclosing the specific nature of the attack. This is deceptive as it leaves readers uninformed about the details of the incident, which could impact their understanding and concern over its implications. The article also implies that all 140 Ascension hospitals in the US were affected by quoting a cybersecurity expert saying
    • The Ascension Health care network has been disrupted by what it called a cyber security event.
  • Fallacies (95%)
    The article contains some instances of inflammatory rhetoric and appeals to authority, but no formal or blatant logical fallacies were found. The authors provide context and expert opinions without making any invalid arguments.
    • ] Cyberattacks are 'about money,' expert says [
    • Keener also explained the ramifications of bringing on a cybersecurity solutions firm, as Ascension has.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

95%

  • Unique Points
    • Patient Zackery Lopez waited hours for pain medication during the chaos caused by the cyber attack
    • Lopez saw patients checking themselves out of Ascension Providence due to disruption in operations
  • Accuracy
    • Ascension hospital cyber attack affecting 140 locations and 40 senior living facilities
    • Personal information of patients may have been at risk during the cyber attack
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

98%

  • Unique Points
    • Ascension detected unusual activity on network systems believed to be a cyber security event on May 8, 2023.
    • Some technology network systems have been interrupted during the investigation and remediation process.
    • Mandiant, a third party expert, has been engaged to assist in the investigation and remediation process.
  • Accuracy
    • Clinical operations have been disrupted and the impact and duration are being assessed.
    • Access to some systems has been interrupted with remediation efforts in progress.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

93%

  • Unique Points
    • A cyberattack has disrupted 'clinical operations' at major health care nonprofit Ascension.
    • If any sensitive patient data was compromised in the hack, Ascension will notify those affected.
  • Accuracy
    • ,
    • Ascension detected unusual activity on some of its computer systems on Wednesday, prompting an investigation and notification to appropriate authorities.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (85%)
    The article reports on a cyberattack on Ascension, a major health care nonprofit. It includes direct quotes from the organization and does not commit any formal logical fallacies. However, there is an example of inflammatory rhetoric:
    • Health care providers across the US have suffered numerous ransomware attacks in recent years, some of which have disrupted patient care and cost health providers millions, if not billions, of dollars.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication