Ascension, a non-profit that runs one of the largest healthcare systems in the United States, is scrambling to contain a significant cyberattack currently causing disruption and “downtime procedures” at hospitals around the country.
The St Louis healthcare giant said computer systems affected include electronic health records, the MyChart patient communication portal, certain phone systems, and systems used for ordering tests, procedures, and medications.
After discovering the hack on May 8, Ascension said it activated downtime procedures and temporarily suspended non-emergent elective procedures to focus on urgent care. Several hospitals have also diverted emergency medical services to ensure prompt triage of critical cases, the company said.
“We have determined this is a cybersecurity incident. We are working around the clock with internal and external advisors to investigate, contain, and restore our systems following a thorough validation and screening process. Our investigation and restoration work will take time to complete, and we do not have a timeline for completion,” the company said in a note posted online.
“It is expected that we will be utilizing downtime procedures for some time. Patients should bring to their appointment notes on their symptoms and a list of current medications and prescription numbers or the prescription bottles so their care team can call in medication needs to pharmacies,” Ascension said.
Details on the intrusion are scarce but the early bet is on a ransomware infection with severe offline ramifications, including the diversion of emergency medical services and the pausing of non-emergency elective procedures.
“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.”
Ascension said it is working with Google’s Mandiant unit on the investigation and remediation process.
Ascension has about 142,000 employees managing hundreds of hospitals and 40 senior living facilities across the United States.
News of the Ascension hack breach comes just 24 hours after Dell Technologies sent notices to millions of customers warning that data including full names and physical addresses was stolen during a security incident.
Dell did not provide any details on the breach beyond a brief statement mentioning “an incident involving a Dell portal, which contains a database with limited types of customer information. The company confirmed that data accessed include customer names, physical mailing addresses and information on Dell hardware and order information.
The pilfered data also included order service tags, item description, dates of orders and customer warranty information.
“The information involved does not include financial or payment information, email addresses, telephone numbers or any highly sensitive customer information,” Dell added.
Related: What’s Behind the Healthcare Ransomware Epidemic?
Related: Change Healthcare Hack Due to a Lack of Multifactor Authentication
Related: Ransomware Group Starts Leaking Data Stolen From Change Healthcare
Related: Dell Says Customer Names, Addresses Stolen in Database Breach
Related: Zscaler Investigates Hacking Claims After Data Offered for Sale
