Ascension ransomware attack that crippled Alabama hospital computers caused by worker downloading ‘malicious file’

Ascension Health, the company that runs several hospitals in the Birmingham metropolitan area, said a worker who “accidentally downloaded a malicious file” caused the ransomware attack that crippled its computer systems.

The attack, which was discovered May 8, paralyzed the St. Louis-based health system’s computers and led Ascension to remove its hospitals’ access to electronic patient records. Ascension announced last week that access was restored at its Alabama facilities and intended to complete the restoration for the remainder of its 140 hospitals by Friday.

Ascension Health operates five hospitals in the Birmingham metropolitan area, including St. Vincent’s Hospital. Providence Hospital in Mobile, which had been owned by Ascension before it sold the facility to the University of South Alabama last year, was impacted because it remained on some of Ascension’s IT systems.

On Wednesday, Ascension said it determined the cause of the ransomware attack.

“An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate,” a health system spokesman said. “We have no reason to believe this was anything but an honest mistake.”

Ascension said it does not believe electronic records “and other clinical systems where our full patient records are securely stored” were stolen in the ransomware attack.

But the company spokesman said there is evidence the attackers were able to take files from seven out of the roughly 25,000 servers across Ascension’s computer network, and that those files “may contain protected health information and personally identifiable information for certain individuals, although the specific data may differ from individual to individual.

“At this point, we now have evidence that indicates that the attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks,” the spokesman said.

Ascension won’t know exactly what data was taken until the investigation is complete, and could not provide a timeline for when the probe would be finished.

“While we have started this process, it is a significant undertaking that will take time,” the spokesman said.

Meanwhile, the health system is providing free credit monitoring and identity theft protection services to any Ascension patient or associate who asks for it.

Those who want to enroll in the services were asked to call Ascension’s dedicated call center at 1-888-498-8066.