Ascension restores its EHR system hospital-wide after ransomware attack

System access was gained via a worker who accidentally downloaded a malicious file, according to the health system. 

Susan Morse, Executive Editor

The Ascension ransomware attacker gained access to the health system's network through a worker who accidentally downloaded a malicious file believed to be legitimate, according to the health system.

"We have no reason to believe this was anything but an honest mistake," Ascension said in a cybersecurity event update. "Importantly, we have no evidence that data was taken from our Electronic Health Records (EHR) and other clinical systems, where our full patient records are securely stored."

However, the attacker or attackers were able to access files that may have contained Protected Health Information and Personally Identifiable Information for certain individuals, the health system said.

With the help of third-party cybersecurity experts, Ascension now has evidence that indicates the attackers were able to take files from a small number of file servers used by its associates primarily for daily and routine tasks. These servers represent seven of the approximately 25,000 servers across its network, Ascension said. 

"Right now, we don't know precisely what data was potentially affected and for which patients," Ascension said. "In order to reach those conclusions, we need to conduct a full review of the files that may have been impacted and carefully analyze them. While we have started this process, it is a significant undertaking that will take time."

Ascension is offering complimentary credit monitoring and identity theft protection services to any Ascension patient or associate who requests it.

WHY THIS MATTERS

Ascension reported the cyberattack on May 8.

The attack closed down access to electronic health records across its 140 hospitals and caused delays in patient care. 

On Friday, Ascension announced that electronic health record (EHR) access had been restored across its hospitals.

"This means that clinical workflow in our hospitals and clinics will function similarly to the way it did prior to the ransomware attack. This also means patients should see improved efficiencies in appointment scheduling, wait times for appointments and prescription fulfillment," Ascension said. "However, our investigation into this incident is ongoing, along with the remediation of additional systems."

Access to patient portals has also been restored in each community. 

Medical records and other information collected between May 8 and the date of local EHR restoration may be temporarily inaccessible.

"The developments shared today represent a highly encouraging milestone in our organization's journey toward full recovery," Ascension said. 

THE LARGER TREND

Individuals who wish to enroll in free credit monitoring and identity theft protection services should call Ascension's dedicated call center at 1-888-498-8066.

Ascension had earlier given Friday, June 14 as the intended date for restoration of EHR access.

The cyberattack on one of the country's largest health systems followed the ransomware attack on Change Healthcare on February 21. Change is affiliated with the nation's largest insurer, UnitedHealthcare.

In May, UnitedHealth Group CEO Andrew Witty told a House subcommittee that he made the decision to pay a $22 million ransom in bitcoin to protect patient information.

Ascension has made no statement about payment demands, but did confirm last month that the cyberattack was ransomware. Class action lawsuits against the health system cite a Black Basta ransomware attack.

Email the writer: SMorse@himss.org