As Ascension continues to work toward network-wide restoration of its electronic health record, the 19-state health system this week confirmed that the May 8 ransomware attack that debilitated its IT systems also may have exposed protected health information and personally identifiable information for some patients.
WHY IT MATTERS
The provider organization, one of the largest health systems in the country, said Wednesday that PHI and PII “for certain individuals” was contained in folders on seven of its 25,000 servers. While the compromised servers were part of daily routine operations, there is no evidence that data was taken from electronic health records and other clinical systems that contain full patient records.
While the investigation continues, “it is a significant undertaking that will take time,” the provider organization said in its cybersecurity event update.
“We understand individuals may have questions about their data, including whether it was affected, but at this point, we are not able to answer those questions on an individual basis,” Ascension said.
Last week, the national healthcare provider reported that the EHR is back up and operating at its healthcare facilities in Florida, Alabama and Austin, Texas, and said access across the 140-hospital system should be restored by June 14.
In the initial days after the cyberattack shut down its network, staff at the health system struggled to serve patients without orders and communications technologies. Having lost access to the EHR, certain lab systems and surgical and medication systems, staff reported struggles with downtime procedures in the chaos.
The health organization also noted in its latest update that the criminals initially gained entry into the network when an employee clicked to download a malicious file, believing it was legitimate.
“We have no reason to believe this was anything but an honest mistake,” Ascension said in the statement.
The health system closed the update by encouraging potentially affected patients and staff to take advantage of complimentary credit monitoring and identity theft protection services, which are available by calling 888-498-8066.
THE LARGER TREND
Phishing is a top vector of attack that has only been enhanced by access to public artificial intelligence tools, and social engineering attacks are the source of many successful data breaches.
The Health Information Sharing and Analysis Center issued a threat alert on May 10 that the Russia-backed ransomware group Black Basta was accelerating attacks against the healthcare sector. H-ISAC said in the alert that the group uses spear phishing and buys compromised credentials through Initial Access brokers.
Heeding the tactics, techniques, procedures and similar warnings, and staying on top of patch management, can help IT teams shut down more attack vectors and shore up vulnerabilities. However, many industry observers have said the executive branch and Congress must act to bolster the healthcare sector’s defenses.
A new report released by the Foundation for Defense of Democracies last week outlined 13 cybersecurity recommendations for governments and hospitals that address funding, cybersecurity workforce development – particularly in rural areas – and provide “roadmaps to secure key lifesaving services.”
“The federal government should utilize extensive public-private collaboration through [U.S. Health and Human Services] to strengthen healthcare providers’ cyber resiliency,” the FDD researchers said.
ON THE RECORD
“Right now, we don’t know precisely what data was potentially affected and for which patients,” an Ascension spokesperson said in a statement. “In order to reach those conclusions, we need to conduct a full review of the files that may have been impacted and carefully analyze them.”
Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.
Information contained on this page is provided by an independent third-party content provider. This website makes no warranties or representations in connection therewith. If you are affiliated with this page and would like it removed please contact editor @americanfork.business