Ransomware attack disrupts major American health system.

Understanding the impact of ransomware on healthcare systems.

A cybersecurity breach affecting Ascension, one of the largest healthcare systems in the United States, has disrupted operations at 140 hospitals serving communities in 19 states and the District of Columbia. The attack forced many of Ascension’s 35,000 physicians and 135,000 staff members to revert to manual processes like writing notes and updating patient charts by hand.
 
First detected on May 8, the ransomware attack compromised multiple technology systems, including the electronic health records that patients use to schedule procedures, view lab results, and refill medications. Phone systems have also been affected, forcing many providers to deliver orders for tests and prescriptions in person.
 
The full scope of the attack.
All of Ascension’s facilities remain open, but a representative admitted that, in some cases, emergency patients have been triaged to different hospitals. Many non-emergency appointments and elective procedures have been postponed, and some Ascension pharmacies have seen significant disruptions. 
 
Individuals enrolled in the company’s health insurance plans have been advised to mail their checks for monthly premiums while electronic payment systems are down. And though there’s no indication yet that patient data has been compromised, cybersecurity experts expect that sensitive information will eventually turn up on the dark web.
 
As of May 20, Ascension had not reported a timeline for when day-to-day operations might return to normal. The company said it was working with  “industry-leading cybersecurity experts” to investigate the ransomware attack and restore affected systems, while the FBI and Cybersecurity and Infrastructure Security Agency (CISA) confirmed their involvement in the investigation.
 
A rising threat.
The Ascension attack follows other high-profile cybersecurity breaches on American healthcare companies. According to recent research, ransomware attacks on healthcare systems more than doubled between 2016 and 2021, compromising the private health information of nearly 42 million people.
 
Earlier this year, Change Healthcare, owned by UnitedHealth, suffered a major ransomware attack. This breach exposed millions of Americans’ health data, delayed healthcare claims processing, and disrupted prescription services. Last month, federal lawmakers grilled UnitedHealth’s CEO during a Senate hearing; he revealed that the company didn’t have adequate cybersecurity protections like multi-factor authentication in place to prevent such an attack.
 
Negative impacts from the Change Healthcare attack continue to reverberate across the American healthcare system. The American Hospital Association reported that 94% of hospitals surveyed experienced a financial impact, with many still struggling to get claims submitted and paid as of late April.
 
The U.S. Department of Health and Human Services has stepped up to try and help. Last week, before the Ascension story broke, HHS announced it would invest more than $50 million in a cybersecurity toolkit to help hospitals better defend themselves against cybersecurity threats.
 
What else can businesses do to protect themselves?
As ransomware attacks targeting businesses increase in frequency and severity, it’s time to strengthen cybersecurity measures. CMIT Solutions has compiled a few tips to help you stay safe and protect your company.
 
Implement multi-factor authentication. MFA is a critical line of defense against the exact type of ransomware attack that struck Ascencion. MFA adds an extra layer of security by requiring users to log in using two or more verification factors—a password, for instance, along with a code sent to their mobile device or a biometric identifier like a fingerprint. This significantly reduces the risk of unauthorized access, as a stolen password alone is not enough for a hacker to compromise a system.

Keep all systems up to date. Upgrading software and hardware with the latest security patches is essential to fix vulnerabilities and prevent cybercriminals from exploiting unprotected devices. Regular updates can be automated to run during off-hours and in the background of desktops, laptops, and smartphones, reducing disruptions while maintaining smooth operations.

Conduct frequent security training. Regular education sessions should cover common threats like phishing, ransomware, and malware, while simulation exercises can reinforce this training by helping employees learn how to recognize suspicious emails and links. Safeguarding sensitive information requires a concerted effort from everyone on your team—and educating employees on the importance of cybersecurity is a key line of defense.

Back up data regularly. A smart backup strategy involves multiple versions of the same data saved in more than one location on a variety of media. These backups should be stored securely and separately from a company’s main network to prevent ransomware infections and mitigate the effects of natural disasters. CMIT Solutions recommends storing at least three copies of data on two different media, with one copy saved off-site in the cloud. This can provide a reliable data recovery option in the event of a ransomware attack. It’s important to test backup restoration processes, as well, to ensure that data can be quickly and accurately restored when needed.

Develop an incident response plan. Want to minimize the damage of a cyberattack? Preparing for it in advance is an important step. Working with a trusted IT provider, you can develop an incident response plan that outlines clear steps to contain and mitigate the effects of an attack, including identifying the breach, isolating affected systems, and communicating with stakeholders. Regular drills and exercises can help empower team members to know their roles and responsibilities during an incident, leading to a more coordinated and effective response.

Invest in advanced security solutions. Implementing advanced cybersecurity tools can enhance your organization’s ability to detect and respond to threats. Intrusion detection systems (IDS) monitor network traffic for suspicious activity, while endpoint protection software defends individual devices from malware and other threats. Threat intelligence services provide real-time information on emerging threats like healthcare-targeted attacks, enabling organizations to adapt their defenses accordingly. Investing in these tools can significantly improve an organization’s security posture.

The recent ransomware attack on Ascension serves as a stark reminder of the critical need for comprehensive cybersecurity protection. As cyberthreats continue to evolve, businesses in every industry must proactively enhance their defenses to protect sensitive data and maintain operational integrity. 
 
CMIT Solutions specializes in comprehensive security strategies that help businesses protect themselves from increasingly sophisticated attacks. If you’re worried about ransomware attacks or concerned about the rise in threats to the healthcare sector, contact us today.