It doesn’t seem like cybercriminals will stop using healthcare facilities as targets anytime soon, as another major organization fell victim to a cyberattack this week.
Ascension, a St. Louis-based health system with 140 hospitals in 19 states, discovered hacker activity in its systems on Wednesday, it said in a notice posted on its website the next day.
“Our care teams are trained to deal with disruptions of this nature and have put in place procedures to ensure that patient care continues to be safe and with as little disruption as possible,” the statement said. “There has been a disruption to clinical operations and we continue to assess the impact and duration of the disruption.”
Ascension said it has notified the relevant authorities and is working with Mandiant – a cybersecurity company owned by Google – to investigate the incident. The investigation has not yet revealed that sensitive information was affected by the cyber attack.
The health system asked its business partners to temporarily divest from all Ascension systems.
The attack affected Ascension hospitals across the country, including facilities in Texas, Florida, Michigan, Illinois and Wisconsin.
According to Satyam Tyagi, vice president of cybersecurity firm ColorTokens, the fact that Mandiant is involved is an indicator of a very serious situation.
“They are diverting ambulances which shows they do not trust their systems to provide proper patient care. The incident was noticed on Wednesday and even after 24 hours or more, the extent of the damage or containment is not known. “They have also asked that their partners disconnect from their network – another indication that the extent of the damage has not yet been determined,” he wrote in a message to MedCity News.
Tyagi noted he has heard patient reports that Ascension providers use paper cards, suggesting that even backup restore is not done online.
“At the moment it seems that Ascension is doing everything they can, but the recovery was neither planned nor effective. Going forward, every hospital should thoroughly plan for incident and recovery and test these solutions extensively,” he wrote.
Another cybersecurity expert – Stephen Kowski, field chief technology officer at SlashNext – noted that Ascension’s decision to order partners to disconnect from its systems, while disruptive, was a necessary mitigation measure that underscored the sophistication of the attack.
According to Kowski, the Ascension cyberattack has similarities to the attack on Change Healthcare.
“The similarity suggests a pattern that could involve advanced social engineering techniques that exploit human vulnerabilities,” he noted. “Healthcare organizations should adopt AI-powered security tools capable of detecting anomalous behavior suggestive of social engineering to increase their resilience against such coordinated attacks.”
These cyberattacks are just two of hundreds that have targeted healthcare providers so far this year.
Given the increasing number of cybersecurity disasters in healthcare, Ascension’s news is not surprising, wrote Douglas McKee, executive director of threat research at SonicWall.
“Healthcare continues to be a very lucrative and lower-risk target for threat actors. It is imperative that we first recognize the challenges facing healthcare – it has two priorities: physical patient safety and protecting patient data. Regulators and C-level executives must work together to understand the commonalities of these two priorities – and work to ensure both are met efficiently and cost-effectively,” he wrote.
Photo: boonchai wedmakawand, Getty Images