Bussiness
Ascension was hacked after worker mistakenly downloaded malicious file. Unclear how many patients’ data exposed
How to protect your digital account from hackers
It is important to take additional steps to ensure that your personal data is protected.
More than a month since it was targeted by a ransomware attack, national health system Ascension is disclosing more information about the attack.
Hospitals and clinics part of Ascension have been reeling in the month since the May 8 cyberattack, during which time health workers’ access to patient medical records was largely cut off and they were forced to rely on paper and other manual processes to order medical procedures, communicate across separate departments, and keep track of hospital patients’ evolving conditions.
Much is still unknown about how many patients’ data were affected by the attack and what kind of data was exposed, but Ascension has now disclosed how hackers gained initial entry and some information about the data stolen.
Here’s what we know.
How did Ascension get hacked?
A person working at an Ascension facility accidentally downloaded a file with malware that the person thought was legitimate, Ascension disclosed in a statement Wednesday.
The statement did not specify whether the worker was a victim of a phishing email, a common tactic used by hackers to gain entry to a target’s systems. Phishing emails are designed to look legitimate and may direct the recipient to download an attachment that exposes their system to malware.
Once they’ve infiltrated a system, hackers may move about and explore the computer network, gaining higher-level access, to find and steal sensitive data, according to a joint advisory issued by the FBI and other federal cybersecurity stakeholders following the Ascension attack. Hackers may then use ransomware to lock their targets out of their systems.
Ascension’s statement did not say when the malicious file was downloaded or how long hackers may have had access to its computer network. Nor did it give information about the kinds of protections Ascension has in place against cyberattacks or what Ascension may be doing to bolster those protections.
What was stolen in the Ascension cyberattack?
On Wednesday, Ascension disclosed that cyberattackers stole files from seven servers and that some of the files may contain protected health information.
Ascension did not disclose how many patients’ data likely was exposed, nor did it specify whether the stolen data included names, Social Security numbers, diagnoses, test results, or other specific types of protected health information.
“We have no evidence that data was taken from our Electronic Health Records and other clinical systems, where our full patient records are securely stored,” Wednesday’s statement from Ascension said.
That’s a positive sign, but it doesn’t say much about the kinds of data taken, said David Finn, a cybersecurity expert and executive vice president of governance, risk and compliance at the consulting firm First Health Advisory.
“In health care, patient data winds up in many systems,” Finn said in an email.
Ascension said it will take time to determine precisely what data was affected and for which patients. The St. Louis-based health system has hospitals, clinics, senior living facilities and other locations across 18 states, including a large presence in Wisconsin, where it operates more than a dozen hospitals in the Milwaukee area, Racine and the Fox Valley.
Who is behind the cyberattack on Ascension?
The cyberattack reportedly involved a type of ransomware called Black Basta, according to CNN, which cited four anonymous sources briefed on the investigation into the attack.
Black Basta also is the name of a group of cyber criminals thought to be an offshoot of a now-defunct Russian group of hackers called “Conti.” Black Basta reportedly raked in more than $100 million in bitcoin since it emerged in early 2022, according to a November joint report from digital currency tracking service Elliptic and Corvus Insurance.
More: What is Black Basta, thought to be behind the Ascension ransomware attack?
What can Ascension patients worried about exposure of their data do?
Ascension is offering its patients and employees free credit monitoring and identity theft protection as a result of the cyberattack.
Those wanting to enroll in those supports are asked to call 1-888-498-8066.
Wednesday’s statement did not say for how long the supports would be offered.
Ascension cannot answer questions about whether any one person’s data was compromised, the statement added.
“Once our data analysis is complete, however, we are committed to following all applicable laws and regulations to notify affected individuals and the appropriate regulatory bodies,” Wednesday’s statement said.