Ascension hit by cybersecurity incident disrupting clinical operations

Dive Brief:

• Ascension said it was responding to a cybersecurity incident after discovering “unusual activity” on some technology network systems Wednesday that’s disrupting clinical operations.
• Ascension, which operates 140 hospitals across 19 states and Washington, D.C., said Thursday it’s working with Mandiant, a Google subsidiary and cybersecurity company, to assist with the investigation, remediation efforts and determine if data was breached. 
• “Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” Ascension said in a statement. “There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption.”

Dive Insight: 

Ascension initially recommended business partners temporarily suspend any connections to the health’s system’s technology environment. But in an update posted Thursday, the operator said it was reaching out to partners so they could take steps to safeguard their systems.

Cybersecurity has become a significant problem for the healthcare industry as the sector digitizes, which creates more opportunities for cybercriminals. Over the past five years, the HHS has seen a 256% increase in large breaches reported to the Office for Civil Rights involving hacking. 

Data stolen from the healthcare sector is particularly lucrative for hackers. Health systems targeted by ransomware may also feel pressure to comply with criminals’ demands to restore access to critical systems and technology.

The incident at Ascension follows other large cybersecurity events that have hit the healthcare industry. 

Change Healthcare, a technology company owned by UnitedHealth Group, was hit by a cyberattack in late February, shutting down key operations like claims processing and payment to providers. 

Though the investigation is ongoing, the attack may have compromised data from a third of Americans, according to UnitedHealth CEO Andrew Witty.

A data breach at Kaiser Foundation Health Plan could have impacted information from 13.4 million people, the organization reported last month. The health plan had found online technologies may have sent data to third parties like Google and Microsoft.