A major cybersecurity event at Ascension, a healthcare network with over 140 hospitals in 19 states, has caused significant disruptions to clinical operations. The incident was first detected on May 8, 2023, and since then, some technology network systems have been interrupted during the investigation and remediation process. Ascension has engaged Mandiant, a third-party expert firm, to assist in the investigation and remediation efforts.
The cybersecurity event has affected various systems utilized to order tests, procedures, and medications. Some hospitals have had to divert ambulances due to the disruption in electronic health records and phone systems. The extent of the impact on patient care delivery is still being assessed.
Ascension encourages all business partners to coordinate with their technology partners regarding any specific questions related to the incident. The organization has notified appropriate authorities and is working closely with them to fully investigate what information, if any, may have been affected by the situation.
The cybersecurity event at Ascension follows a similar pattern as other major US organizations that have been targeted by cybercriminals in recent years. In February 2024, Change Healthcare, a subsidiary of health care giant UnitedHealth Group, experienced a ransomware attack that caused billing disruptions and threatened some health providers with going out of business. The incident affected approximately one-third of Americans and resulted in UnitedHealth paying a $22 million ransom to the cybercriminals to protect patient data.
The cybersecurity event at Ascension highlights the growing vulnerability of America's healthcare system to disruptive cyberattacks with cascading impacts. It is essential for healthcare organizations to prioritize their cybersecurity efforts and invest in robust security measures to protect sensitive patient information and maintain uninterrupted care delivery.