Ascension: Electronic Health Record Access Now Restored After Ransomware Attack
The restoration comes more than a month after the attack, and means that patients ‘should see improved efficiencies in appointment scheduling, wait times for appointments and prescription fulfillment.’
The Ascension health system said Friday that access to electronic health records has been fully restored, more than a month after a ransomware attack forced the shut down to the health record system.
The May attack, which began when an employee inadvertently downloaded malware, also forced Ascension to divert emergency care from some of its hospitals.
[Related: Ascension: 'Systems Are Being Restored' After Cyberattack]
In an update to its online advisory page Friday, the St. Louis-based health system said that EHR access “has been restored across our ministries.”
“This means that clinical workflow in our hospitals and clinics will function similarly to the way it did prior to the ransomware attack,” Ascension said in the update. “This also means patients should see improved efficiencies in appointment scheduling, wait times for appointments and prescription fulfillment.”
Still, “our investigation into this incident is ongoing, along with the remediation of additional systems,” the health system said.
Ascension, a nonprofit and Catholic health system with 140 hospitals in the U.S., said May 8 that it initially detected “unusual activity on select technology network systems.”
Ascension disclosed earlier this week that it has determined that “an honest mistake” led to the ransomware attack.
The threat actor gained access to Ascension’s systems after “an individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate,” Ascension said in the advisory update Wednesday.
Ascension also confirmed in the update that data, including health data belonging to patients, was likely stolen in the attack.
“We now have evidence that indicates that the attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks,” the health system said. “These servers represent seven of the approximately 25,000 servers across our network. Though we are still investigating, we believe some of those files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals, although the specific data may differ from individual to individual.”
It doesn’t appear that the EHR system itself was compromised, according to Ascension — which said there is “no evidence that data was taken” from the EHR system.
Jason Soroko, senior fellow at certificate management vendor Sectigo, said in an email that the incident raises questions about Ascension’s IT and security practices.
“Perhaps systems that are capable of downloading malicious payloads from the public internet should not be the same systems that are handling sensitive PII,” Soroko said.
CRN has reached out to Ascension for comment.
Media outlets including CNN last month reported that the ransomware attack showed signs of involvement from the Russian-linked cybercriminal group known as Black Basta.
At the time, the Health Information Sharing and Analysis Center (H-ISAC) sent out an alert to its health sector member organizations saying that Black Basta “has recently accelerated attacks against the healthcare sector.”