Ascension, one of many largest non-public healthcare methods in america, has taken a few of its methods offline to research what it describes as a “cyber security event.”
As a significant U.S. nonprofit well being system, Ascension operates 140 hospitals and 40 senior care services throughout 19 states and the District of Columbia.
It additionally employs 8,500 suppliers, has 35,000 affiliated suppliers and 134,000 associates. In 2023, it reported a complete income of $28.3 billion.
“On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event,” Ascension mentioned.
“We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues.”
The healthcare group additionally suggested enterprise companions to sever connections to its methods till instructed in any other case.
“Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment,” the nonprofit added.
Medical operations disrupted
Ascension added that the incident additionally disrupted medical operations. An ongoing investigation is now assessing the influence and length of the disruption.
It has additionally knowledgeable the related authorities of the cyberattack and employed Mandiant incident response consultants to help with the investigation and remediation course of.
A spokesperson despatched BleepingComputer the assertion revealed on Ascension’s official web site earlier at the moment. The spokesperson mentioned, “This is an ongoing situation, and we will provide updates as we learn more.”
Final month, the U.S. Division of Well being and Human Providers (HHS) warned that menace actors at the moment are utilizing social engineering ways to focus on IT assist desks within the Healthcare and Public Well being (HPH) sector.
These attackers trick staff into enrolling new multi-factor authentication (MFA) gadgets below the attacker’s management, which provides them entry to company assets.
