Ascension hospitals breach caused by employee downloading malicious file

Ascension has said that its data breach was caused by an employee accidentally downloading a malicious file. The healthcare provider has confirmed that cybercriminals obtained files containing personal healthcare information and personally identifiable information.

Ascension, a non-profit Catholic healthcare organization, first announced on social media that it was grappling with a “cybersecurity event” on May 8th, 2024.

The X post said, “We detected unusual activity on select technology network systems, which we now believe is due to a cybersecurity event. Our care teams have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.”

After the attack, Ascension hospitals across the US were forced to use “manual and paper-based systems” as the organization's networks were shut down. Days later, Ascension announced that it could not take emergency patients due to downtime procedures.

Now, the organization has released an update on the incident, stating that it has made progress in its investigation and recovery with the help of cybersecurity experts.

Evidence shows that cybercriminals were able to steal files from a small number of servers used predominantly for daily routines and tasks.

Ascension said the attackers accessed only seven of approximately 25,000 servers across the organization's networks.

The organization has reason to believe that cybercriminals accessed files containing protected health information (PHI) and personally identifiable information (PII). However, exactly what information was obtained is still unknown, as the investigation is ongoing.

Ascension confirmed how bad actors accessed the hospital's systems. According to the healthcare provider, an employee working at one of Ascension’s facilities “accidentally downloaded a malicious file that they thought was legitimate.”

The healthcare provider has said that it believes this to be “an honest mistake.”

Ascension said that there is no evidence that data was stolen from its Electronic Health Records (EHR) and other clinical systems where patient records are stored.

Although the full scope of the attack is still being explored, and the exact information stolen by attackers is unknown, Ascension is providing all patients and associates with credit monitoring and identity theft protection services.

Once the full review of the data has been completed, Ascension aims to notify the individuals affected alongside the appropriate regulatory bodies.