What happened?
On May 8th, 2024, Ascension, one of the titanic healthcare institutions in the United States, found itself in the grip of a sophisticated ransomware attack.
A worker inside the organization downloaded a malicious file they thought was legitimate. That one mistake plunged their network into chaos, endangering the privacy of countless patients. The attackers encrypted the company’s data, demanding a ransom for access, and threatened to expose millions of patients’ and employees’ sensitive information unless paid within 48 hours.
Over a month, from May 8th to June 14th, the attack disrupted Ascension’s normal operations, forcing some of its hospitals and clinics to postpone or cancel appointments, surgeries, and other services. The company also had to shut down its online portal and phone lines, leaving many patients and staff in the dark about their health records and schedules.
How could this happen to Ascension?
This raises the question, how could a cyberattack penetrate a well-defended organization like Ascension and hold it hostage? It’s necessary to consider both the sophistication of the attackers and potential vulnerabilities within the organization’s cybersecurity framework. Even with robust security measures, hackers continuously evolve their methods, exploiting the slightest oversight or weakness. Phishing campaigns, for instance, have become increasingly more intelligent, often tailored to deceive even the most vigilant employees. These can serve as a gateway for attackers to infiltrate an organization’s network, planting ransomware that gradually encrypts data until it seizes control over critical systems.
Moreover, the complexity of IT environments, especially in large institutions with thousands of servers and endpoints, creates innumerable points of potential failure. Regular maintenance, updates, and patches are required to safeguard against vulnerabilities; however, the sheer scale can lead to lapses, providing attackers with a window to exploit. Once inside the network, attackers can move laterally, escalating their access rights undetected due to insufficient segmentation of networks or inadequate monitoring of internal traffic. This blend of ingenuity by attackers and inevitable gaps in an organization’s security posture allows such devastating cyberattacks to take root and exert a stranglehold on vital operations, underscoring the relentless arms race between cybersecurity defenses and cybercriminal tactics.
What was the impact of the attack?
Evidence from their cybersecurity investigations indicated that the attackers were able to take files from seven of the approximately 25,000 servers they have across their network. These files contained Protected Health Information and Personally Identifiable Information.
Ascension’s reputation, financial situation, and legal standing were all under scrutiny following the attack. The company dealt with a public backlash from its customers, who felt betrayed and vulnerable because of the breach. Because of this, they face potential lawsuits from the victims of the attack, who could claim damages for the exposure of their confidential information and the disruption of their medical care. They even encountered regulatory scrutiny from the authorities, who could impose fines and sanctions for the violation of HIPAA and other laws that protect the privacy and security of health data.
Downtime is expensive, and though Ascension had disruption protocols and procedures in place, patient care delivery and clinical operations suffered as multiple systems were shut down. The approximate cost of downtime for larger organizations is roughly $16,000 per minute ($1 million per hour).
Additionally, delays stretched well beyond the one-month timeframe after the Electronic Health Record (EHR) came back online because there was extensive backlogged data entry from that period that needed to be completed.
What can we learn from this incident?
The attack on Ascension was a wake-up call for the healthcare industry. It serves as a good reminder that no organization is immune to cyberattacks and that the consequences can be devastating and far-reaching. It’s also a critical reminder that prevention is better than a cure and emphasizes the role end-users play in your organization’s safety.
Here are some best practices that can help organizations protect themselves from cyberattacks:
- Prioritize regular staff training about cyber threats and best practices to avoid them, such as using strong passwords, avoiding phishing emails, and reporting any suspicious activities.
- Continuously foster a culture of security. Encourage employees to take ownership of their role in maintaining organizational security and to report suspicious activities without fear of reprisal.
- Conduct regular risk assessments and audits of your IT systems and networks, and identify and address any vulnerabilities or gaps.
- Consistently monitor and analyze your network traffic. Continuous monitoring can detect unusual activities that may indicate an ongoing attack, allowing for swift action.
- Implement robust backup and recovery plans and test them frequently to ensure that the data can be restored in case of an attack.
- To prevent unauthorized access and tampering with data, use strong encryption and authentication methods and limit the access and privileges of users and devices.
- Update and patch software and hardware regularly, and use the latest security tools and solutions to prevent the exploitation of any known or unknown vulnerabilities.
- Implement multifactor authentication (MFA). Requiring more than one form of verification to access sensitive systems and data greatly enhances organizational security.
The unfortunate incident involving Ascension serves as a poignant reminder of the vulnerabilities that exist. While this event was undoubtedly traumatic and had significant repercussions for the organization, it also provided a valuable learning opportunity for the rest of us.
By analyzing and understanding the breach at Ascension, we can all emerge better prepared and more robustly protected for the future.
Feeling uneasy about your security?
In the wake of such advanced cyber threats, it’s clear that maintaining robust security measures is not just recommended; it’s essential. At CCB Technology, we understand the complexities and evolving nature of cyber threats. Our suite of services, including comprehensive Phishing Awareness Training, round-the-clock monitoring, and expert breach remediation, are designed to fortify your defenses and restore your confidence in your digital security posture.
Partner with us and take a proactive step towards safeguarding your organization against the unpredictable challenges of cybersecurity. Let’s work together to build a resilient and secure future.
Contact us today and learn how we can tailor our solutions to meet your unique security needs.