Ascension hit by cybersecurity incident affecting clinical operations
• Ascension said it was responding to a cybersecurity incident after discovering “unusual activity” on some technology network systems Wednesday that’s disrupting clinical operations.
• The hospital operator has launched an investigation and remediation efforts, including connecting with a cybersecurity firm.
• None recommended business partners temporarily suspend any connections to the health’s system’s technology environment. But i n an update posted Thursday, the operator said it was reaching out to partners so they could take steps to safeguard their systems.
Ascension, which operates 140 hospitals across 19 states and Washington, D.C., said it’s working with Mandiant, a Google subsidiary and cybersecurity company, to assist with the investigation and determine if data was breached.
“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” Ascension said in a statement. “There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.”
Cybersecurity has become a significant problem for the healthcare industry as the sector digitizes, which creates more opportunities for cybercriminals. Over the past five years, the HHS has seen a 256% increase in large breaches reported to the Office for Civil Rights involving hacking.
Data stolen from the healthcare sector is particularly lucrative for hackers. Health systems targeted by ransomware, a type of malware that denies users access to their data until a ransom is paid, may also feel pressure to comply with criminals’ demands to restore access to critical systems and technology.
The incident at Ascension comes after other large cybersecurity events have hit the healthcare industry.
Change Healthcare, a technology company owned by UnitedHealth Group, was hit by a cyberattack in late February, shutting down key operations like claims processing and payment to providers.
Though the investigation is ongoing, the attack may have compromised data from a third of Americans, according to UnitedHealth CEO Andrew Witty.
A data breach at Kaiser Foundation Health Plan could have impacted information from 13.4 million people, the organization reported last month. The health plan had found online technologies may have sent data to third parties like Google and Microsoft.
