Ascension Health on Dec. 19 started sending out letters to the 5.6 million patients who were affected by a ransomware attack that was originally detected last May.
When news of the cybersecurity incident broke last spring there were reports that numerous hospitals in the Ascension network lost access to their electronic health records systems, certain labs systems, and surgical and medication systems.
The attack, which Ascension confirmed in June was done by Black Basta, sent medical staffs back into reading charts in paper, dramatically altering medical care for several days at Ascension's 140 hospitals.
In a filing with the Maine Office of Attorney General, Ascension Health said the incident occurred on February 29 and was first discovered on May 8.
Sensitive medical records stolen included the following: medical record numbers, dates of service, types of lab tests and procedure codes, as well as payment information such as credit card or bank account numbers, insurance information, policy numbers, and Social Security, tax ID, and passport numbers.
The Ascension Health breach showcases a critical reality: healthcare organizations remain prime targets for cybercriminals because of their vast stores of sensitive patient data and complex digital infrastructures, said Stephen Kowski, Field CTO at SlashNext Email Security. While investing in IT infrastructure is crucial, organizations must also prioritize real-time threat detection and automated response capabilities to prevent data exfiltration during active attacks.
"Modern ransomware groups are increasingly sophisticated in their tactics, often spending weeks inside networks before deploying their payload - making continuous monitoring and rapid response essential for protecting patient data,” said Kowski. “Healthcare providers need advanced security tools that detect and block suspicious email links, attachments, and social engineering attempts before they reach employees while maintaining comprehensive backup systems that enable quick recovery from attacks.”
Darren Guccione, co-founder and CEO at Keeper Security, added that healthcare providers stand to experience some of the most severe consequences of cyberattacks and data breaches in that they manage immense amounts of sensitive personal and health information about staff, members, and patients. Guccione said organizations entrusted with such critical data must maintain a higher standard for security and monitoring than most industries.
“The continued wave of data breaches in healthcare highlights the urgent need for strengthening cybersecurity measures,” said Guccione. “While no solution can completely eliminate risk, organizations can significantly mitigate the impact of attacks by adopting a proactive approach rooted in zero-trust with privileged access management to limit attackers’ access to sensitive data and critical systems.”
Toby Gouker, chief security officer at First Health Advisory, and an SC Media columnist, offered this stark warning: "At the current rate of breaches of healthcare data, it will soon be easier for patients to check the dark web for their medical records that it will be to ask a doctor."