Ascension Ransomware Attack: Yet Another Crippling Healthcare Attack

In May 2024, Ascension Health, one of the largest U.S. healthcare systems, fell victim to a ransomware attack. The breach severely impacted hospital operations across multiple states, disrupting Ascension’s electronic health record (EHR) system MyChart.

Healthcare workers were forced to revert to manual documentation, delaying and disrupting critical patient care. 

We’ve uncovered everything that happened in this ruthless cyber assault on yet another major healthcare system in our Ascension Cyber Attack Timeline. 

Download the detailed timeline document and summary image for a complete understanding of how damaging a cyber attack can be and how it can directly impact human life.

The timeline also takes a look at the Cyber Incident Response measures taken by Ascension and the lessons contained in this incident for all IT and business professionals. 

Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.

Ascension Ransomware Attack: Immediate Impact on Human Life 

The Ascension Cyber Attack had a profound impact on the organisation, disrupting clinical operations. It also deeply affected patient care, necessitating extensive recovery efforts.

The incident highlighted the massive vulnerabilities in the healthcare sector. It underscored the importance of robust cybersecurity measures. But most important of all, it underlined how business leadership needs to engage with cybersecurity with immediate urgency.

1. Emergency Services Disrupted: As a precautionary measure, some hospitals went on diversion for emergency medical services to ensure that emergency cases could be triaged immediately. This diversion was necessary to manage patient care effectively while the systems were offline and to maintain safety during the incident.
   
   
2. Manual Record-Keeping: With EHRs inaccessible, hospital staff relied on manual processes, increasing the chance of errors in patient information. Several nurses reported that doing their job became extremely difficult and borderline dangerous in the absence of comprehensive and accurate patient data. 
   
   
3. Surgery and Appointments Delayed: Routine surgeries and appointments were postponed, affecting ongoing treatments for patients with chronic conditions.
   
   
4. Patient Anxiety: Patients were unable to access their medical histories or schedule appointments via online portals. This caused a lot of anxiety among those with urgent healthcare needs.

This incident was a reminder of the dire need to enhance cybersecurity preparedness and leadership to navigate the complex threat environment we inhabit. This can be achieved by engaging the management in the organisational threat context and improving executive decision-making with our Cyber Tabletop Exercises for Executives. 

Lessons Learned from the Ransomware Attack on Ascension    

1. Prioritize Cybersecurity in Critical Infrastructure: Ascension's attack highlights the need for robust cyber defences in industries where operational disruptions can directly affect human life. This attack was a chilling reminder for all critical infrastructure organisations to prioritise offline backups and systems that can store critical records and make them accessible in an attack situation.

2. Cyber Incident Response is Key: Healthcare and critical infrastructure organisations must have a well-structured cyber incident response plan to minimise downtime and recover swiftly from attacks. Disruptive ransomware attacks are no longer avoidable. But what will differentiate your organisation is how quickly it's able to resume critical services in the event of a cyber attack.  

3. Data Backups and Contingency Plans: Having secure, offline data backups and alternative workflows (like manual systems) are imperative for reducing downtime during attacks.

4. Employee Training: Regular cybersecurity training for employees can make a huge difference to how ransomware attacks are handled. Regular Cyber Attack Simulation Drills give employees the practice they need for doing their jobs seamlessly in spite of a cybersecurity incident. It also reduces human error, a common vulnerability exploited in ransomware attacks.

5. Collaboration with Experts: Partnering with cybersecurity experts and law enforcement is essential in mitigating the effects of a breach and investigating the attack.

6. Transparency in Communication: Crisis communication, proper protocols for communication during an attack and pre-defined channels and messages are very important to help manage panic and maintain trust during and after an attack.

These lessons emphasise the critical nature of proactive cyber defence and operational resilience in today's interconnected business environment. 

For a detailed understanding of how ransomware attackers impacted Ascension, its employees and patients, don't forget to download our Ascension Cyber Attack Timeline and Summary Image.  

Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.