Ascension hospitals struggle in 'chaos' post-cyberattack


Hundreds of Ascension hospitals nationwide have been forced to “utilize manual and paper-based systems” as the organization's networks remain shut down after a May 8th cyberattack – causing patient care to hang in the balance.

The massive non-profit Catholic healthcare system put out an updated statement on recovery efforts on Wednesday, with other regional Ascension sites posting updates Thursday, seemingly in an attempt to quell reports of chaos descending on its facilities.

“Ascension continues to make progress towards restoration and recovery following the recent ransomware attack,” the company’s last update on Wednesday states.

ADVERTISEMENT

The mission-based healthcare system operates 140 hospitals, 40 senior care facilities, and has about 175,000 associated providers across the nation, handling over 16 million patient visits annually.

Ascension May 15 update
Ascension.com. Image by Cybernews.

‘There is no end in sight’

Nurses at the Ascension’s Saint Thomas Rutherford Hospital in central Tennessee have described the scene as “pure and utter chaos from the second you walk into the door.”

Saint Thomas is just one of 250 Ascension healthcare facilities in the region, according to a May 15th report by WRKN Nashville, a local CBS news station covering the hospital's struggle.

Nurses at the hospital reported that basic safety checks were being eliminated to care for patients, including overriding automatic medication dispensing, even leaving some practitioners concerned the violation of protocols could affect their medical licenses.

“The nursing staff didn’t know what to do since the computers were down, phone lines were down, and it was just a really difficult situation,” said the relative of one patient.

“They were writing things down. They were asking a lot of questions, repetitive questions, some questions over and over. Some things were not written down that should have been written down. They tried to give my father some medication that he should not have had, and luckily I was there to intercept that,” the relative told the news outlet.

ADVERTISEMENT

Nick Tausek, Lead Security Automation Architect at Swimlane, called Ascension “One of the largest private healthcare systems in the country,” running “140 hospitals across 19 states.”

Ongoing attacks on healthcare organizations reiterate the vulnerability inherent in the healthcare industry, a vulnerability that threat actors are exploiting to their advantage, Tausek explained.

Compounded by often confusing regulatory oversight and insufficient allocation of resources towards cybersecurity, healthcare entities remain prime targets, he said.

Ascension updates public

Ascension first revealed it was the victim of a cyberattack on May 8th after detecting “unusual activity on select technology network systems,” causing its security teams to immediately take the network offline.

By May 11th, some Ascension hospitals had announced being temporarily unable to accept emergency patients due to downtime procedures.

Ascension on Wednesday said it was focused on “getting systems back up and running as safely and as quickly as possible” and reconnecting with vendors, who had been instructed to disconnect from the Ascension healthcare environment last week out of caution.

According to regional updates, most hospitals, physician offices, and care sites across the nation “remain open and operational.” Yet, staff at many health facilities have also been forced to “utilize manual and paper-based systems during the ongoing disruption.”

A cybersecurity update Thursday from Sacred Heart and St. Vincent's hospitals in Florida warns patients, “Due to the transition to manual systems, patients may encounter longer than usual wait times and some delays.”

ADVERTISEMENT

The hospitals there are also asking patients to bring their “own notes on symptoms and a list of current medications, including prescription numbers or bottles.”

Ascension update /regional
Ascension.com. Image by Cybernews.

Ascension joins list of healthcare victims

Tausek says the allure of targeting healthcare organizations lies in the vast troves of sensitive data and the intricate networks they operate within.

He also pointed out that the attack on Ascension happened to coincide with this years annual RSA Conference held in San Francisco.

“As cybersecurity experts gathered to attend, the critical threat facing our healthcare systems and other critical infrastructure in the US was a key theme, and for good reason,” Tausek said,

The security architect listed recent health breaches hitting major US organizations such as UnitedHealth’s Change Healthcare, Kaiser Permanente, MedStar Health, and Octapharma.

Change Healthcare, the technology arm of UnitedHealth Group, fell victim to a massive ransomware attack this February, disrupting the entire US healthcare and pharmacy ecosystem for weeks.

The attack, carried out by the Russian-linked ransomware cartel ALPHV/BlackCat, led to UnitedHealth, with help from the US government, having to spend billions to bail out many hospitals and healthcare facilities that became cash-strapped due to the inability to file insurance claims and receive payments.

It is believed that the Black Basta ransomware group is responsible for the attack on Ascension, the FBI putting a warning advisory on the gang May 11th.

ADVERTISEMENT

It’s not clear how much if any sensitive data was compromised during the attack, as the ransomware cartel has not posted Ascension on its dark leak blog at the time of this report.

To mitigate threats, Tausek said that healthcare organizations must prioritize cyber hygiene and use these attacks as a learning opportunity to bolster their defenses.

“As threat actors persist in the healthcare and public health sector, proactive security measures are imperative to safeguard patient data and organizational operations,” he said.

Ascension’s update reiterated that it would “take some time to return to normal operations, and that its priority remains “providing quality patient care and relaying up-to-date information” through the recovery process.

In addition to forensic experts from Google’s Mandiant, brought in last week, the non-profit said it is supplementing the investigation with experts from Palo Alto Networks’ Unit 42 and from CYPFER.