Ascension Health System Grapples With Cyber Attack

Ascension, one of the largest nonprofit health systems in the United States, is dealing with significant disruptions after detecting a cybersecurity incident this week. The Catholic health care organization, which operates 140 hospitals across 19 states and Washington D.C., announced on Wednesday that it had identified "unusual activity" impacting some of its technology network systems.

In a statement, Ascension said it believes the disruptions stem from a cybersecurity breach. "On May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event," the health system stated. "We responded immediately, initiated our investigation and activated our remediation efforts."

Ascension has enlisted the cybersecurity firm Mandiant to assist with investigating the incident and implementing remediation measures. The organization also indicated it has notified the relevant authorities about the data breach, though it remains unclear what information or systems were compromised.

"At this time we continue to investigate the situation," Ascension's statement read. "We are using assistance from Mandiant to assist in the investigation and remediation process, and we have notified the appropriate authorities." The health system says it is working to determine what data, if any, may have been accessed improperly.

With over 134,000 associates and 35,000 affiliated medical providers, Ascension is one of the largest nonprofit health systems in the country. News of the cybersecurity incident comes amid a troubling wave of data breaches impacting major healthcare providers over the past year.

Just last month, the U.S. Department of Health and Human Services warned about threat actors targeting IT help desks at healthcare organizations through social engineering tactics to gain initial access. Other recent high-profile incidents include ransomware attacks on UnitedHealth Group's Optum subsidiary and the Lehigh Valley Health Network in Pennsylvania.

As the investigation continues, Ascension says it is focused on "remediation of our technology systems and safeguarding the data we have responsibly secured." The health system has not provided details on the scope of impact to patient data and operations across its facilities. Cybersecurity experts emphasize that large healthcare providers remain among the most appealing and vulnerable targets for malicious hackers.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.