Cyberattack forces major US health care network to divert ambulances from hospitals

profile photo
By Yosi Yahoudai
Founder and Managing Partner

A major U.S. health care system said Thursday that it is diverting ambulances from “several” of its hospitals following a cyberattack this week.The cyberattack on Ascension, a St. Louis-based nonprofit network that includes 140 hospitals in 19 states, is also disrupting access to electronic health records, some phone systems and “various systems utilized to order certain tests, procedures and medications,” Ascension said in a statement distributed Thursday evening.The sprawling health care network, which also owns 40 senior living facilities, said that it would be using “downtime procedure for some time,” because of the cyberattack. Downtime procedures are typically when health providers revert to backup processes, including paper records, that allow them to care for patients when computers are down.Four sources briefed on the investigation told CNN that Ascension suffered a ransomware attack, in which cybercriminals typically try to lock computers and steal data for extortion. Those sources said that the type of ransomware used in the hack is known as Black Basta, which hackers have used repeatedly to attack health care organizations in recent years. Black Basta’s broad criminal group includes Russian-speakers, according to the Department of Health and Human Services.News of the hack of Ascension broke on Wednesday, and Ascension has, in the last 24 hours, followed a familiar playbook for many American organizations that have been assaulted by cybercriminals. Ascension has notified federal authorities of the incident, hired prominent U.S. cybersecurity firm Mandiant to recover from the incident and shut down systems to try to keep the incident under control.Senior U.S. officials have been in repeated contact with Ascension CEO Joseph Impicciche since the ransomware attack to understand how the hack might impact patient care, two sources familiar with the matter told CNN.”We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained,” Ascension said in its statement Thursday evening.It was not clear how many Ascension hospitals were sending ambulances to other locations because of the cyberattack. Ascension spokesperson Gene Ford did not respond to calls and emails seeking comment.It’s only the latest major hacking incident that has hobbled a big U.S. health care network and sent U.S. officials scrambling to offer support.A February ransomware attack on Change Healthcare, a subsidiary of health care giant UnitedHealth Group, caused billing disruptions at pharmacies across the U.S. and threatened to put some health providers out of business. A third of Americans may have had their personal data swept up in the hack, UnitedHealth CEO Andrew Witty estimated in testimony to Congress this month. UnitedHealth paid a $22 million ransom to the cybercriminals to try to protect patient data, Witty said.That Change Healthcare hack incensed U.S. lawmakers and prompted questions across the federal government about the vulnerability of America’s health care system to disruptive cyberattacks with cascading impacts – questions that the cyberattack on Ascension will do nothing to assuage.

A major U.S. health care system said Thursday that it is diverting ambulances from “several” of its hospitals following a cyberattack this week.

The cyberattack on Ascension, a St. Louis-based nonprofit network that includes 140 hospitals in 19 states, is also disrupting access to electronic health records, some phone systems and “various systems utilized to order certain tests, procedures and medications,” Ascension said in a statement distributed Thursday evening.

Advertisement

The sprawling health care network, which also owns 40 senior living facilities, said that it would be using “downtime procedure for some time,” because of the cyberattack. Downtime procedures are typically when health providers revert to backup processes, including paper records, that allow them to care for patients when computers are down.

Four sources briefed on the investigation told CNN that Ascension suffered a ransomware attack, in which cybercriminals typically try to lock computers and steal data for extortion. Those sources said that the type of ransomware used in the hack is known as Black Basta, which hackers have used repeatedly to attack health care organizations in recent years. Black Basta’s broad criminal group includes Russian-speakers, according to the Department of Health and Human Services.

News of the hack of Ascension broke on Wednesday, and Ascension has, in the last 24 hours, followed a familiar playbook for many American organizations that have been assaulted by cybercriminals. Ascension has notified federal authorities of the incident, hired prominent U.S. cybersecurity firm Mandiant to recover from the incident and shut down systems to try to keep the incident under control.

Senior U.S. officials have been in repeated contact with Ascension CEO Joseph Impicciche since the ransomware attack to understand how the hack might impact patient care, two sources familiar with the matter told CNN.

“We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained,” Ascension said in its statement Thursday evening.

It was not clear how many Ascension hospitals were sending ambulances to other locations because of the cyberattack. Ascension spokesperson Gene Ford did not respond to calls and emails seeking comment.

It’s only the latest major hacking incident that has hobbled a big U.S. health care network and sent U.S. officials scrambling to offer support.

A February ransomware attack on Change Healthcare, a subsidiary of health care giant UnitedHealth Group, caused billing disruptions at pharmacies across the U.S. and threatened to put some health providers out of business. A third of Americans may have had their personal data swept up in the hack, UnitedHealth CEO Andrew Witty estimated in testimony to Congress this month. UnitedHealth paid a $22 million ransom to the cybercriminals to try to protect patient data, Witty said.

That Change Healthcare hack incensed U.S. lawmakers and prompted questions across the federal government about the vulnerability of America’s health care system to disruptive cyberattacks with cascading impacts – questions that the cyberattack on Ascension will do nothing to assuage.

author photo
About the Author
Yosi Yahoudai is a founder and the managing partner of J&Y. His practice is comprised primarily of cases involving automobile and motorcycle accidents, but he also represents people in premises liability lawsuits, including suits alleging dangerous conditions of public property, third-party criminal conduct, and intentional torts. He also has expertise in cases involving product defects, dog bites, elder abuse, and sexual assault. He earned his Bachelor of Arts from the University of California and is admitted to practice in all California State Courts, and the United States District Court for the Southern District of California. If you have any questions about this article, you can contact Yosi by clicking here.

(source)