New Delhi: Ascension, one of the healthcare giants in the US, has revealed that in May 2024, it was hit by a ransomware attack that affected its electronic health records system, telephones and programming systems.
While some non-urgent procedures and appointments were delayed, emergency services were diverted to avoid delays.
How hackers got hold of company data
The attack was executed after an employee downloaded a malicious file that was believed to be legitimate. The company took some devices offline on May 8 to contain the incident and switched to paper record-keeping for procedures and medications.
“We have also identified how the attacker gained access to our systems. A person working at one of our facilities accidentally downloaded a malicious file that he thought was legitimate. We have no reason to believe that this was anything more than an honest mistake,” the company said.
While some services are back online, Ascension is still working to restore full functionality to electronic medical records, patient portals, phone systems and scheduling systems.
“Importantly, we have no evidence that data was taken from our electronic health records (EHR) and other clinical systems, where our complete patient records are securely stored,” the company added.
What the company has found
In an investigation, the company discovered that attackers accessed and potentially stole files from seven of the approximately 25,000 servers on Ascension’s network. These files may contain patients' protected health information (PHI) and personally identifiable information (PII).
“We have made progress in our investigation and recovery with the help of external cybersecurity experts. At this point, we now have evidence indicating that the attackers were able to take files from a small number of file servers used by our partners primarily for daily, routine tasks. These servers represent seven of the approximately 25,000 servers on our network,” the company added.
Bleeping Computer reports that while Ascension has not identified the specific ransomware group, CNN reported Black Basta’s involvement.
Black Basta is a ransomware group that has been active since April 2022 and has targeted high-profile organizations such as Rheinmetall, Capita, ABB, and the Toronto Public Library.