Ascension healthcare network disrupted by “cyber security event,” interrupting clinical operations
CHICAGO (CBS) — The Ascension Healthcare Network announced Wednesday that its clinical operations have been disrupted by what it called a cyber security event.
In a news release, Ascension said it responded immediately, and access to some systems has been interrupted with remediation efforts in progress.
“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” Ascension said in a news release. “There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.”
On Thursday, there remained many unanswered questions about the hospital cyberattack. Ascension has 140 hospitals around the country – including 14 in the Chicago area.
The hospitals see millions of visitors each year. It is not clear how many patients were impacted by the breach.
“Hospitals are some of the most connected places in the world,” said Paul Keener, a cybersecurity strategist at GuidePoint Security.
Ascension said it has brought in the cybersecurity firm Mandiant Solutions to help investigate and has notified authorities.
“Together, we are working to fully investigate what information, if any, may have been affected by the situation,” Ascension said. “Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines.”
Ascension did advise that business partners temporarily suspend their connection to the Ascension system.
On Thursday, an Ascension spokesperson said hospitals in Illinois didn’t have any patient care service interruptions, but IT service has seen some interruptions.
Ascension is one of the nation’s leading nonprofit and Catholic health systems.
This follows a ransomware attack on Change Healthcare — a subsidiary of healthcare giant UnitedHealth Group — which has compromised sensitive patient data and created billing headaches at pharmacies, hospitals, and practices nationwide, threatening to put some health providers out of business.
In January, Lurie Children’s Hospital in Chicago was also hit with a high-profile cyberattack. The hospital had to take its phone, email, and other systems offline as a result – and weeks of disruptions to regular operations ensued.
Healthcare providers across the U.S. have suffered from a spike in ransomware attacks in recent years.
Last month, HHS Secretary Xavier Becerra told CBS News that the consolidation of healthcare networks nationwide risks “capacity com[ing] at the expense of real competition,” adding, “The consolidation occurs to such an extent that there are only a few players and when one or two of those big players goes down, so goes the industry. We can’t afford to have that.”
Cyberattacks are “about money,” expert says
Keener said the announcement is a different reaction than other hospital networks targeted in similar attacks, like the one at Lurie’s that took weeks to resolve and gather any complete information.
He also said the announcement from Ascension is a good thing.
“They want people to know that they understand that there’s an issue going on that they’ve got, that they’re on top of it, and that they’re responded appropriately,” said Keener.
Keener explained the ramifications of bringing on a cybersecurity solutions firm, as Ascension has.
“Mandiant is an incident response company,” said Keener, “and what that means is when things happen, and what you’re looking for is someone, you know, who is not associated; who is not part of your team, come in and look at it from the outside to make sure that you didn’t miss anything.”
It is a sure sign, experts said, that the hospital network believes something bad has happened.
“When it comes to a cyberattack, this is about money. It’s not personal attack against the hospital. It’s not a personal attack against the business. It is about money,” Keener said, “and so where they can leverage that data, they’re pulling to go and maybe create false identities, apply for credit cards.”
Keener also explained what it meant that clinical operations were disrupted.
“When an attacker goes after clinical operations, that usually means that they’re not able to provide emergency room services, outpatient type of – someone coming in and doing appointments, those types of things,” said Keener.
Keener added that should any patients’ information be compromised, they would work to notify and support those at risk.
In the meantime, Keener had some tips for clients.
“Monitor your credit regularly – especially if you’re notified by an organization that you’re part of an attack,” said Keener. “Make sure you lock your credit so people can’t take out loans without it being unlocked.”
Among the hospitals Ascension operates in the Chicago area are Ascension Holy Family in Des Plaines, Ascension Alexian Brothers Medical Center and Behavioral Health Hospital in Elk Grove Village, Ascension St. Alexius in Hoffman Estates, Ascension St. Mary and St. Elizabeth in West Town, Ascension St. Joseph in East Lakeview, Ascension St. Francis in Evanston, and Ascension Resurrection in Norwood Park.
The disruption was also affecting hospitals in Michigan.
These hospitals had been part of the AMITA partnership between Ascension and AdventHealth before the partnership split up two years ago.
CBS 2 reached out to Ascension to see if they would sit down and answer questions. The health care network did not respond to CBS 2’s email.
CBS 2 also asked if there is any evidence of a ransomware attack in this case – meaning some sort of demand for money. CBS 2 will keep following up for more information.