Cyberattack forces major US health care network to divert ambulances from hospitals | CNN Business



CNN
 — 

A major US health care system said Thursday that it is diverting ambulances from “several” of its hospitals following a cyberattack this week.

The cyberattack on Ascension, a St. Louis-based nonprofit network that includes 140 hospitals in 19 states, is also disrupting access to electronic health records, some phone systems and “various systems utilized to order certain tests, procedures and medications,” Ascension said in a statement distributed Thursday evening.

The sprawling health care network, which also owns 40 senior living facilities, said that it would be using “downtime procedure for some time,” because of the cyberattack. Downtime procedures are typically when health providers revert to backup processes, including paper records, that allow them to care for patients when computers are down.

Four sources briefed on the investigation told CNN that Ascension suffered a ransomware attack, in which cybercriminals typically try to lock computers and steal data for extortion. Those sources said that the type of ransomware used in the hack is known as Black Basta, which hackers have used repeatedly to attack health care organizations in recent years. Black Basta, also the name of a broad criminal group that uses the ransomware, includes Russian-speakers, according to the Department of Health and Human Services.

On Friday, the Health Information Sharing and Analysis Center, a cyber threat sharing group for big health care providers worldwide, published an advisory warning that hackers using Black Basta ransomware have “recently accelerated attacks against the healthcare sector.”

That includes at least two health care organizations in Europe and the US that in the last month have “suffered severe operational disruptions” because of Black Basta ransomware,” the advisory said, without naming the health care organizations.

News of the hack of Ascension broke on Wednesday, and Ascension has in the last 24 hours followed a familiar playbook for many American organizations that have been assaulted by cybercriminals. Ascension has notified federal authorities of the incident, hired prominent US cybersecurity firm Mandiant to recover from the incident and shut down systems to try to keep the incident under control.

Senior US officials have been in repeated contact with Ascension CEO Joseph Impicciche since the ransomware attack to understand how the hack might impact patient care, two sources familiar with the matter told CNN.

“We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained,” Ascension said in its statement Thursday evening.

It was not clear how many Ascension hospitals were sending ambulances to other locations because of the cyberattack. Ascension spokesperson Gene Ford did not respond to calls and emails seeking comment.

It’s only the latest major hacking incident that has hobbled a big US health care network and sent US officials scrambling to offer support.

A February ransomware attack on Change Healthcare, a subsidiary of health care giant UnitedHealth Group, caused billing disruptions at pharmacies across the US and threatened to put some health providers out of business. A third of Americans may have had their personal data swept up in the hack, UnitedHealth CEO Andrew Witty estimated in testimony to Congress this month. UnitedHealth paid a $22 million ransom to the cybercriminals to try to protect patient data, Witty said.

That Change Healthcare hack incensed US lawmakers and prompted questions across the federal government about the vulnerability of America’s health care system to disruptive cyberattacks with cascading impacts — questions that the cyberattack on Ascension will do nothing to assuage.

Latest news
Related news