Ascension

Image: Midjourney

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday.

Systems currently offline in impacted hospitals include the MyChart electronic health records system, which patients use to view their medical records and communicate with their providers. The attack also took down some phone systems and systems for ordering tests, procedures, and medications.

When it disclosed the incident on Wednesday, the healthcare giant was also forced to take some devices offline to contain what it described as a "cyber security event."

On Wednesday, the healthcare organization also advised business partners to disconnect from its systems immediately until further notice.

Because of ongoing operation disruptions and outages caused by the cyberattack and "out of an abundance of caution," Ascension also temporarily paused some non-emergent elective procedures, tests, and appointments while working to bring its systems back online.

"Due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately," Ascension said.

"If you are experiencing a medical emergency, please contact 911 and your local emergency services will bring you to the nearest hospital emergency room."

Ascension says its teams will work with patients to reschedule appointments or procedures until systems are restored. Patients must bring their symptom notes, a list of current medications, prescription numbers, or prescription bottles to appointments. This will allow care teams to call pharmacies for medication needs.

With the assistance of Mandiant incident response experts, an ongoing investigation is currently assessing the impact and duration of the disruption. Still, Ascension expects to use "downtime procedures for some time."

Suspected ransomware attack

While the nature of the attack has yet to be disclosed, sources familiar with the incident have told CNN that the Black Basta ransomware gang is behind the incident.

Earlier today, Health-ISAC (Information Sharing and Analysis Center) also published a threat bulletin warning that Black Basta "has recently accelerated attacks against the healthcare sector."

Black Basta ransom note
A Black Basta ransom note (BleepingComputer)

Black Basta surfaced as a Ransomware-as-a-Service (RaaS) operation in April 2022. Since then, its affiliates have breached many high-profile victims, including German defense contractor Rheinmetall, U.K. technology outsourcing company Capita, industrial automation company and government contractor ABB, and the Toronto Public Library.

According to joint research from Elliptic and Corvus Insurance, the Russian-linked ransomware gang raked in at least $100 million in ransom payments from over 90 victims until November 2023.

Ascension is one of the largest private healthcare systems in the United States, operating 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia.

The nonprofit health system has 8,500 providers, 35,000 affiliated providers, and 134,000 associates. In 2023, it reported total revenue of $28.3 billion.

Related Articles:

Ascension hacked after employee downloaded malicious file

Ascension healthcare takes systems offline after cyberattack

The Week in Ransomware - May 10th 2024 - Chipping away at LockBit

Prudential Financial now says 2.5 million impacted by data breach

BlackSuit ransomware gang claims attack on KADOKAWA corporation