Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a ‘cybersecurity event’.
A statement from the company reads: “Ascension continues to make progress towards restoration and recovery following the recent ransomware attack. We continue to work with industry leading forensic experts from Mandiant to conduct our investigation into this attack and understand the root cause and how this incident occurred.
“In parallel, we have brought in additional cybersecurity experts from Palo Alto Networks Unit 42 and from CYPFER to help supplement our rebuild and restoration efforts. We are focused on getting systems back up and running as safely and as quickly as possible. We are also working on reconnecting with our vendors with the help of our recovery experts.
“Our priority remains providing quality patient care and relaying up-to-date information when available as we work through this recovery process.”
Cybersecurity experts have been responding to the attack.
Tamara Kirchleitner, Senior Intelligence Operations Analyst at Centripetal, said: “As hospitals increasingly rely on technology to build their infrastructure, divisions such as patient care, research, billing and more become more vulnerable to external threats and cyberattacks.
“This not only jeopardises data and network security but also endangers the lives of patients themselves.”
Erfan Shadabi, Cybersecurity Expert at comforte AG, said: “Medical information is among our most sensitive data. We all have a distinct right to data privacy and expect that our healthcare providers are doing everything they can to fulfil that right. So when attacks hit healthcare institutions – as it has with Ascension – we in data-heavy industries should all take a pause and consider the implications of our cybersecurity choices.
“The best way to prevent the pain suffered by both victims, the enterprise and the individual, is to safeguard sensitive records such as medical information through a data-centric approach to data protection. Data-centric methods such as tokenisation replace sensitive data elements with innocuous tokens that maintain the analytic value of the data while obscuring the actual sensitive information itself. It becomes non-identifying and, therefore, worthless in the hands of threat actors, while remaining fully workable by the enterprise.”
Anne Cutler, Cybersecurity Expert at Keeper Security, said: “Healthcare providers stand to experience some of the worst consequences of cyberattacks and data breaches, as they manage immense amounts of sensitive personal and health information about staff and patients. While not a lot of details are available about the extent of the unusual activity Ascension detected or what information, if any, has been compromised, this security event highlights the need for healthcare organisations large and small to prioritise strengthening their cybersecurity posture.
“Threats are continuously evolving, and while not every attack can be prevented, steps can be taken to mitigate the access of cybercriminals and minimise impacts on systems, data and operations. The most effective method for minimising sprawl if an attack does occur is by investing in prevention with zero-trust privileged access management that will limit, if not altogether prevent, a bad actor’s access.”