A ransomware attack on US private healthcare giant Ascension has led to ambulances being diverted and patient appointments being postponed.
Ascension confirmed the attack on May 9 after detecting unusual activity on select technology network systems on May 8.
The healthcare provider, which operates 140 hospitals across the US, said that several hospitals are currently on diversion for emergency medical services to ensure emergency cases are triaged immediately.
Electronic health records systems are also unavailable, in addition to various systems used to book tests, procedures and medications.
All hospitals and facilities remain open and are providing care. However, some non-emergent elective procedures, tests and appointments have been temporarily paused while Ascension works to bring its systems back online.
Ascension has not yet determined whether any sensitive information was accessed by the attackers but said it will notify any potentially affected individuals as the investigation unfolds.
An Ascension spokesperson said that the company is now liaising with cybersecurity experts to assist in restoration and recovery efforts.
Additionally, the company has notified law enforcement and relevant federal agencies of the incident, including the Department of Health and Human Services (HHS).
Ascension commented: “While our restoration work continues in earnest, our primary focus is on restoring systems as safely as possible and, as such, we expect this process will take time to complete.”
Healthcare a Primary Target for Ransomware Groups
An update by the Ascension spokesperson on May 11 referred to the event as a ransomware incident.
CNN has reported that “four sources briefed on the investigation” said the attack was perpetrated by the Black Basta gang.
Black Basta is a Russian-based Ransomware-as-a-Service (RaaS) operator, whose activity has increased significantly in 2024.
On May 10, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on Black Basta in coordination with other federal agencies. This found that the group’s affiliates have impacted over 500 organizations globally, and encrypted and stolen data from at least 12 out of 16 critical infrastructure industries, including the Healthcare and Public Health (HPH) Sector.
Commenting on the story, Steve Hahn, Executive VP at cybersecurity firm BullWall, said this new incident is part of a worrying trend of sophisticated RaaS groups intensifying their focus on US healthcare.
“These actions follow the FBI's operation against BlackCat's infrastructure, with the group vowing increased attacks on this sector,” he noted.
The attack on Ascension follows the Change Healthcare hack in February 2024, which severely disrupted patient care across the US, including prescriptions.
Change’s owner UnitedHealth later confirmed that it paid the BlackCat ransomware group a ransom to restore its systems, reportedly around $22m.
The US government is investigating the incident to determine whether protected health information (PHI) was breached and if Change complied with its regulatory duties.