Ascension Adds State-By-State Information On Recovery From Ransomware Attack
The attack on the Ascension health system shut down its electronic health records system and forced it to divert emergency care at some of its hospitals.
Ascension has added more details to its online site about the recovery from the ransomware attack that impacted the health system, with information now shared on a state-by-state basis.
The attack on the Ascension health system last week shut down its electronic health records system and forced it to divert emergency care at some of its hospitals.
[Related: Ascension: 'Systems Are Being Restored' After Cyberattack]
In an update Monday evening, Ascension shared “cybersecurity event update” information for its services in Alabama, Florida, Illinois, Indiana, Kansas, Maryland, Michigan, Oklahoma, Tennessee, Tennessee, Texas and Wisconsin.
“As systems and services come back online, we will share those updates so that our patients and communities can plan accordingly,” the St. Louis-based health system said in the update. “We will be expanding the site this week to provide updates related to healthcare services as they relate to specific regions.”
Ascension reiterated that it is “making progress” in the recovery from the ransomware attack, which “has caused disruptions to patient care” in its network — though “it will take time to return to normal operations,” the health system said.
Ascension said previously that it was in close contact with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and “we are sharing relevant threat intelligence with the Health Information Sharing and Analysis Center (H-ISAC) so that our industry partners and peers can take steps to protect themselves from similar incidents.”
Ascension, a nonprofit and Catholic health system with 140 hospitals in the U.S., said May 8 that it initially detected “unusual activity on select technology network systems.”
In addition to its electronic health records system being unavailable, the health system said that its MyChart system wasn’t functional. MyChart allows patients to access their medical records and communicate with healthcare providers. Ascension said some phone systems and various systems to order certain tests, procedures and medications were also not working.
The nonprofit said that it was working with incident responders from Google Cloud-owned Mandiant to assist in the investigation and remediation process.
On Friday, CNN reported that Ascension had suffered a ransomware attack with signs that the Russian-linked Black Basta group was behind the data breach.
That same day, the H-ISAC sent out an alert to its health sector member organizations saying that Black Basta “has recently accelerated attacks against the healthcare sector.”