Alert essentials: At present, this information is derived from open-source documents and is not yet categorized under the Traffic Light Protocol. A recent cyber attack has disrupted Ascension Hospital’s network. Out of an abundance of caution, Ascension has recommended that everyone disconnect from Ascension Networks immediately. Details will be released as they are discovered.
Update 5/10/24: Additional reporting indicates that the situation affecting Ascension is attributed to the threat group known as Black Basta. Technical analysis conducted by KROLL provides some known IOCs associated with the group (included below).
Detailed threat description: One of the five largest medical networks in the United States has suffered a cyber attack. The compromise is impacting patient care at Ascension Healthcare’s 140 hospitals, its business partners, and pharmacies across the country.
The Ascension network team quickly identified unusual activity on the network and began an investigation. They contacted cybersecurity firm Mandiant to assist with the investigation and with restoring service. However, information about this event is scarce at this time as the organizations work to understand the situation better.
Should it be determined that sensitive information was leaked, notices will be provided to those affected.
Investigations are ongoing, and Fortified will provide updates as they become available. Fortified will also be actively applying any published IOCs to our monitoring services to ensure the continued security of our clients.
Impacts on healthcare organizations: The attack has seriously disrupted clinical operations and halted surgeries. Ascension currently has no access to medical records, labs, radiology, X-rays, charting, and other patient care technologies. Communication between providers at the hospital is limited to handwritten notes and telephone updates.
As of Wednesday evening (5/8/24), Ascension was still accepting unstable patients, but stable patients were being diverted to other hospitals.
Recommendations – Updated 5/10/24
Engineering recommendations:
- Business partners are advised to disconnect connections to the Ascension system.
- Apply known IOCs to monitoring and endpoint security mechanisms:
Leadership / program recommendations:
- Stay alert to published, authoritative information from reliable sources.
- Fortified recommends applying patches and updates where possible, and only after adequate testing in a development environment, to ensure stability and compliance with organizational change management policies.