You can NEVER be Too Cautious

A cyber-attack that sent US-based Ascension hospitals and health care systems offline in May happened because a worker accidentally downloaded malware, officials said this week. “Clinical operations” were affected at Ascension hospitals and medical centers, which operate in Michigan and 18 other states, when a cyber-attack forced the organization to transition to offline systems in early May. It was later said that the attack was actually a ransomware attack, meaning someone (or a group) broke into Ascension’s computer system, took hold, and was demanding ransom for its return. The attack has been under investigation as Ascension works to bring its operations back online. Ascension’s Electronic Health Records system, for example, was expected to be restored at facilities nationwide by June 14, officials said last week. Not all online systems have been restored yet.[1]

After investigating for weeks, officials found that cyber attackers were able to access Ascension’s systems through a malicious file downloaded accidentally by a worker, who thought the file “was legitimate.”  The organization said this week that it was simply an “honest mistake” made by the worker, who has not been identified.

The investigation also revealed that cyber attackers were able to access seven of the health system’s 25,000 servers across their network, a spokesperson said on 12 June.  It wasn’t entirely clear yet what that meant, or exactly what data had been accessed.

“Though we are still investigating, we believe some of those files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals, although the specific data may differ from individual to individual,” the spokesperson said.  Officials said they don’t believe cyber attackers were able to access the Electronic Health Records system.

Ascension hospitals and care centers have remained open and functional since the attack, but normal operations shifted for staff, and somewhat for patients. Operating times were still the same, and prescription services were still available, but some changes were implemented; officials said last week that Ascension Rx services were operational again.

Red Sky Alliance has cautioned again and again to be very wary of emails that appear to be suspicious. Critical sectors, like the healthcare industry, are prone to serious repercussions in the event of a cyber-attack. This is just one example, albeit a serious one, of carelessness in computer operations. Accidents do happen, and we are all to blame at times for missteps, but please use this as an example when training your personnel in proper cyber hygiene.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our services can help detect cyber threats and vulnerabilities. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com

Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://www.clickondetroit.com/news/national/2024/06/13/ascension-cyber-attack-caused-by-worker-who-accidentally-downloaded-malware/
