Ascension Health Cyberattack Affects 5.6 Million Patients

December 23, 2024

Ascension Health, a leading nonprofit Catholic health system in the United States, has begun notifying 5.6 million patients affected by a ransomware attack detected in May 2024. The breach compromised sensitive medical records, including medical record numbers, dates of service, lab test types, procedure codes, payment information, insurance details, and personal identifiers such as Social Security and passport numbers.

Incident Overview

  • Attack Timeline: The cyberattack occurred on February 29, 2024, and was discovered on May 8, 2024.

  • Perpetrator: Ascension confirmed in June that the ransomware group Black Basta was responsible for the attack.

  • Operational Impact: The attack disrupted access to electronic health records, lab systems, and surgical and medication systems across Ascension's 140 hospitals, forcing medical staff to revert to paper charts and significantly affecting patient care.

Data Compromised

The breach involved the theft of various sensitive information, including:

  • Medical Information: Medical record numbers, dates of service, types of lab tests, and procedure codes.

  • Payment Information: Credit card or bank account numbers.

  • Insurance Details: Insurance information and policy numbers.

  • Personal Identifiers: Social Security numbers, tax ID numbers, and passport numbers.

Response and Recommendations

In response to the breach, Ascension Health has initiated the process of notifying affected patients and is likely enhancing its cybersecurity measures to prevent future incidents.

Experts emphasize the importance of real-time threat detection, automated response capabilities, and continuous monitoring to protect sensitive data. Implementing a proactive approach rooted in zero-trust with privileged access management can significantly mitigate the impact of such attacks.

Cause of This Ransomware Attack

The ransomware attack on Ascension Health in May 2024 was initiated when an employee inadvertently downloaded a malicious file, providing cybercriminals with access to the organization's systems. This method of entry is consistent with malware-based attacks, where malicious software is introduced into a system to compromise its security.

Industry Implications

This incident underscores the vulnerability of healthcare organizations to cyberattacks due to their extensive repositories of sensitive patient data and complex digital infrastructures. The increasing sophistication of ransomware groups highlights the critical need for healthcare providers to invest in advanced malware prevention like Trust Lockdown, which has been protecting healthcare systems since 2015.

Trust Lockdown Blocks Malware and Unauthorized Software

Trust Lockdown is an automatic software firewall that blocks all unauthorized software immediately without the need for a cybersecurity team to identify, understand, or respond to the threat, eliminating the risk of malware instead of only reducing it.

Preventing a HIPAA Violation

In Q3 2015, White Cloud Security’s Trust Lockdown successfully detected and blocked an unauthorized attempt to install file transfer software on a Windows Server managing an MRI system. This proactive action prevented a potential HIPAA compliance breach, ensuring the integrity of sensitive patient data.

The attempted installation, initiated by an MRI technician, was immediately halted by Trust Lockdown's Default-Deny approach, which allows only pre-approved software to execute. Initially, the technician denied responsibility, but the Trust Lockdown Administrator presented clear, detailed evidence of the failed attempt, leaving no room for dispute. This incident underscores the critical role of Trust Lockdown in safeguarding healthcare systems against unauthorized software and maintaining strict compliance with regulatory standards.

For more detailed information, refer to the original article on SC Media.