Current investigations indicate that the Russian-speaking group Black Basta has deployed ransomware onto Ascension. On May 8, the Catholic health system released a news brief that stated it was experiencing a cybersecurity event. On May 9, Ascension confirmed that the organization was hit by a ransomware attack, leading to a diversion for emergency medical services and interruption in services concerning its electronic health records system (EHR), among other tools.
CNN’s Sean Lyngaas reported last Friday, using several sources, that the cyberattack on Ascension was perpetrated by the ransomware group Black Basta, a potential offshoot of Conti.
On May 10, Orlando-based Health-ISAC issued a threat bulletin regarding Black Basta as a significant threat actor to the healthcare industry. Health-ISAC urged all Healthcare and Public Health (HPH) sector entities to follow the recommended actions listed in the bulletin. These actions include infrastructure organizations installing updates for operating systems, software, and firmware, integrating multifactor authentication (MFA), and training users to recognize and report phishing attempts.
“It’s just another demonstration of the need for additional resources to help protect hospitals and healthcare systems globally,” commented Errol Weiss, chief security officer at Health-ISAC. “Typically, with these ransomware actors, they're taking a pretty broad approach in terms of throwing out their net to try to cast a victim,” he added. Of the ransomware cases tracked by Health-ISAC over the last year, about eight percent were in the healthcare sector.
Last year, Healthcare Innovation reported on the threat that the ransomware group Black Basta posed to healthcare organizations. On March 13, 2023, the Health Sector Cybersecurity Coordination Center (HC3) published a threat profile on the group, which was first spotted in 2022.
Meanwhile, a timeline for system restoration at Ascension is still absent. “We are focused on restoring systems safely. We are making progress; however, it will take time to return to normal operations,” an Ascension spokesperson said in a statement earlier this week.
