Major health care system hobbled by ‘cyber incident’
Ascension, a health care system with 140 hospitals in 19 states and Washington, D.C., and tens of thousands of employees and affiliated providers, detected a “cyber security event” Wednesday that has caused a “disruption to clinical operations,” the company said.
Major impacts to medical services have been reported in multiple states, including Kansas, Florida and Michigan, including some patients being diverted to other hospitals and lack of access to digital records.
“We have to write everything on paper,” one physician in Michigan told the Detroit Free Press. “It’s like the 1980s or 1990s.”
The attack comes as lawmakers and federal regulators continue to grapple with the fallout from the February attack on Change Healthcare, which has likely exposed private data on “a substantial portion” of Americans, according to company estimates.
That company admitted to paying $22 million to the ALPHV ransomware group before the group shuttered its site. The disgruntled affiliate who claimed to have worked with ALPHV to carry out the attack before getting cut out of the proceeds subsequently took 4 terabytes of the data to another extortion site.
The Change Healthcare situation has renewed calls for minimum cybersecurity standards for the hospital industry, a proposition industry groups have vowed to fight.
Health care is one of the most frequently targeted sectors by ransomware operators, likely because attackers know that disruptions to medical services and care cannot be endured for long and operators could be more likely to pay extortions, according to the cybersecurity firm Emsisoft.