Ascension Healthcare Network Hit in Cyberattack

Healthcare business graph data and growth, Insurance Healthcare. Doctor analyzing medical of business report and medical examination with network connection on laptop screen. (iStock via Getty Images)

Yet another cyberattack has been reported on a healthcare network. The most recent target is Ascension, a health system that includes 140 hospitals and 40 senior living facilities in 19 U.S. states.

The extent of the attack is still undetermined, and it's unclear who is behind the attack. There are also no details yet on any vulnerabilities exploited or how the attackers accessed the systems.

Ascension joins Change Healthcare and UnitedHealth in a growing list of health providers that targeted in cybersecurity attacks. The Change Healthcare and UnitedHealth cyberattack on February 21, 2024 impacted hundreds of pharmacies worldwide, patient care included, and appears to have been the work of the infamous ALPHV/BlackCat ransomware crew.

Here's a timeline of events involving the UnitedHealth/Change Healthcare attack and its impacts.

Ascension Provides Few Details on Attack

A statement on Ascension’s website said that on May 8 the organization “detected unusual activity on select technology network systems” due to a cybersecurity event.

“We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues,” the statement said.

Ascension, which is headquartered in St. Louis, Missouri, acknowledged that there has been a “disruption to clinical operations,” and it continues to assess the impact and duration of the disruption.

Mandiant, part of Google Cloud, is assisting in the investigation and remediation process.

“Together, we are working to fully investigate what information, if any, may have been affected by the situation” Ascension stated. “Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.”

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.