A cyberattack this week on health system giant Ascension forced hospitals across the nation to divert ambulances, blocked access to online patient records, and caused patients to postpone medical tests. It also put millions of patient records and private data at risk.
Non-profit, St. Louis-based Ascension, one of the largest private healthcare systems in the United States, operates 140 hospitals and 40 senior living facilities in 19 states. An Ascension spokesperson said it first became aware of a problem Wednesday on its computer network systems.
“On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event,” Ascension said in a statement Thursday. “At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues.”

Ascension operations severely impacted
“We are working around the clock with internal and external advisors to investigate, contain, and restore our systems. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” according to latest statements.
Health care workers in several states including Wisconsin, Michigan and Florida reported disruptions to patient care on Thursday. Both the electronic records system and systems that gives patients access to their records were offline. Clinical operations continued to be impacted, which led to hospitals severing connections to online systems.
These interruptions meant medical staff couldn’t see medical histories, access patient information, communicate with other hospital departments, or view patient labs or test results. Healthcare workers said they were having to revert to using paper systems to record conditions, order procedures, and write prescriptions.
It has not been confirmed at this time whether or not the cyberattck on Ascension was a ransomware attack although indications are pointing in that direction. Ransomware attacks typically involve the shutting down of access to critical data and/or a threat to release sensitive information, and demanding a monetary penalty to release it.
Attacks against the healthcare sector are increasing.
The Ascension breach comes as attacks on healthcare providers become increasingly common, often affecting protected health information along with other sensitive data, such as patient medial information, Social Security numbers, phone numbers, and home addresses.
A USA TODAY study reports that more than 144 million Americans’ medical information was stolen or exposed last year in a record-breaking number of health care data breaches. Since 2019, data breaches targeting third-party vendors contracted by hospitals have more than tripled, the analysis showed.
In February this year, a ransomware group targeted Change Healthcare. The attack caused billing disruptions at pharmacies across the country. An estimate one-third of Americans may have had their personal data compromised in the hack, according to Change owner, UnitedHealth Group CEO Andrew Witty. Witty revealed in testimony to Congress that UnitedHealth paid a $22 million ransom to the cybercriminals to try to protect patient data.
A ransomware attack in November on Ardent Health Services system, which operates 30 hospitals in six states, caused the provider to divert patients from some of its emergency rooms to other hospitals and postpone some elective procedures.
On Friday, the Health Information Sharing and Analysis Center published an advisory warning that hackers using ransomware have “recently accelerated attacks against the healthcare sector.”
It is not clear why healthcare organizations are being targeted. Some industry experts believe it is due to the fact that healthcare systems typical store a large about of private customer information and sentiments are high in that environment for the fast resolution of operational issues that affect patient care.
To learn more about how to protect your company from cyberattacks, check out wedoit.co