Ascension confirms that data was breached in the Black Basta ransomware attack

As Ascension continues to work toward it network-wide restoration of its electronic health record, the 19-state health care system confirmed this week that the May 8 ransomware attack that weakened its IT systems may also have exposed protected health information and personally identifiable information for some patients.

WHY IT MATTERS
The health care organization, one of the nation’s largest health care systems, said Wednesday that PHI and PII “for certain individuals” were contained in folders on seven of its 25,000 servers. Although the compromised servers were part of daily routine operations, there is no evidence that data originated from electronic health records and other clinical systems containing complete patient records.

While the investigation continues, “it is a significant undertaking that will take time,” the provider organization said in its report Cybersecurity event update.

“We understand that individuals may have questions about their data, including whether it has been impacted, but at this time we are unable to answer these questions on an individual basis,” Ascension said.

Last week, the national healthcare provider reported that the EHR is back up and running at its healthcare facilities in Florida, Alabama and Austin, Texas, and said access to the entire system of 140 hospitals must be repaired no later than June 14.

In the first days after the Cyber ​​attack network closed, healthcare staff struggled to serve patients without commands and communication technologies. Having lost access to the EHR, certain laboratory systems, and surgical and medication systems, employees reported struggling with downtime procedures in the chaos.

The health organization also noted in its latest update that the criminals initially gained access to the network when an employee clicked to download a malicious file, believing it to be legitimate.

“We have no reason to believe this was anything but an honest mistake,” Ascension said in the statement.

The health care system concluded the update by encouraging potentially affected patients and staff to take advantage of free credit monitoring and identity theft protection, which are available by calling 888-498-8066.

THE BIG TREND
Phishing is one of the top attack vectors that has only been amplified by access to public artificial intelligence tools, and social engineering attacks are the source of many successful data breaches.

The Health Information Sharing and Analysis Center published a threat alert on May 10 that the Russian-backed ransomware group Black Basta was accelerating attacks on the healthcare sector. H-ISAC said in the alert that the group uses spear phishing and purchases compromised credentials through Initial Access brokers.

Heeding the tactics, techniques, procedures and similar alerts, and staying on top of patch management, can help IT teams shut down more attack vectors and strengthen vulnerabilities. However, many industry observers have said the executive branch and Congress must take action to strengthen the health care sector’s defenses.

Released last week by the Foundation for Defense of Democracies, a new report outlined 13 cybersecurity recommendations for government and hospitals that address funding, developing a cybersecurity workforce – especially in rural areas – and “providing road maps to important life-saving secure services’.

“The federal government should leverage expanded public-private partnerships through (US Health and Human Services) to strengthen the cyber resilience of health care providers,” the FDD researchers said.

ON THE RECORD
“At this time, we do not know exactly which data may be affected and for which patients,” an Ascension spokesperson said in a statement. “To reach these conclusions, we must conduct a full assessment of the stocks that may have been affected and analyze them carefully.”

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.