How a US healthcare system was hacked after employee’s ‘honest mistake’ – ET HealthWorld

New Delhi: Ascension, one of the leading US healthcare companies, has revealed that it was hit by a ransomware attack in May 2024, which affected its electronic health record system, phone, and scheduling systems.

Although some non-emergent processes and appointments were delayed, emergency services were rerouted to avoid backlogs.

How did hackers obtain company data?

The attack began when an employee downloaded a malicious file that was believed to be legitimate. The company took some devices offline on May 8 to contain the incident and switched to paper-based recordkeeping for procedures and medications.

“We have also determined how the attacker gained access to our systems. A person working at one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was an honest mistake,” the company said.

While some services are back online, Ascension is still working to restore full functionality of the electronic health records, patient portal, phone system and scheduling systems.

It added, “Importantly, we have no evidence that the data was derived from our electronic health records (EHRs) and other clinical systems, where our complete patient records are securely stored.”

What the company found

During the investigation, the company found that the attackers accessed and potentially stole files from seven of the approximately 25,000 servers on Ascension’s network. These files may have contained patient protected health information (PHI) and personally identifiable information (PII).

“We have made progress in our investigation and recovery with the help of third-party cybersecurity experts. At this point, we now have evidence that indicates the attackers were able to take files from certain file servers used primarily by our associates for daily and routine tasks. These servers represent about seven of the approximately 25,000 servers in our network,” it added.

Although Ascension has not identified the specific ransomware group, CNN has reported Black Basta’s involvement, according to Bleeping Computer.

Black Basta is a ransomware group that has been active since April 2022 and has targeted high-profile organizations such as Rheinmetall, Capita, ABB, and the Toronto Public Library.

  • Published on June 15, 2024 at 08:30 PM IST
