{"id":19599,"date":"2024-06-21T07:28:55","date_gmt":"2024-06-21T07:28:55","guid":{"rendered":"https:\/\/www.adminbyrequest.com\/?p=19599"},"modified":"2026-01-25T04:45:06","modified_gmt":"2026-01-25T04:45:06","slug":"guarding-health-data-lessons-from-the-ascension-cyber-attack","status":"publish","type":"post","link":"https:\/\/www.adminbyrequest.com\/en\/blogs\/guarding-health-data-lessons-from-the-ascension-cyber-attack","title":{"rendered":"Guarding Health Data: Lessons from the Ascension Cyber Attack"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

In May 2024, a big hack hit Ascension, a major player in the healthcare industry, and compromised electronic health records (EHR) and other systems across multiple states. This is a big reminder that healthcare needs robust cybersecurity, where patient data is the most sensitive.<\/p>\n

The Ascension Ransomware Hack: A Case Study<\/h2>\n

In May 2024, Ascension, one of the largest health systems in the US, got hit with a ransomware attack. EHR and other systems were down across multiple states, patient care and operations were impacted, but Ascension\u2019s facilities remain open. Nathan Eddy, a graduate of Northwestern University’s Medill School, talks cybersecurity in healthcare, bringing his IT security and journalism expertise to the table.<\/p>\n

Ascension used downtime procedures to keep patient care going during the outage, such as using paper records for clinical care and downtime procedures to ensure patient safety and protect patients’ sensitive information.<\/p>\n

The hack started with an employee downloading a malicious file. That allowed the attackers to get into the network. The ransomware spread quickly, locked down several file servers and potentially patient data. Ascension was hit with operational disruptions, including not being able to process credit card transactions at its pharmacies and delayed prescription refills.<\/p>\n

Emergency medical services were diverted as hospitals were experiencing system disruptions and had to prioritize patient safety.<\/p>\n

Ascension restored EHR access in many areas and is offering credit monitoring and identity theft protection to those affected. While it wasn\u2019t explicitly confirmed how far laterally the attackers moved in the network, the complexity of the attack suggests they likely did. Ascension is still working to restore systems like MyChart, so there are still operational challenges and recovery needs. They\u2019re committed to getting systems back and managing the aftermath of the hack.<\/p>\n

Electronic Health Record Vulnerabilities<\/h2>\n

Health systems\u2019 IT infrastructures are full of holes, making them a target rich environment for hackers. Common weaknesses include outdated software, no encryption, no access controls, and no staff training, all of which put sensitive information at risk. In the Ascension case, the hackers exploited these weaknesses to get in and escalate privileges in the network.<\/p>\n

Outdated Software<\/h4>\n

Many health systems run legacy software that\u2019s no longer supported or updated, so they\u2019re vulnerable to known exploits. In the Ascension hack, it\u2019s believed outdated operating systems and applications were a big factor. These systems didn\u2019t have the patches to defend against the latest threats, so the attackers had an easy way in.<\/p>\n

No Encryption of Sensitive Patient Data<\/h4>\n

Sensitive patient data on healthcare networks is often not encrypted. Once an attacker gets in, they can easily access and exfiltrate data. In the Ascension case, some of the files accessed were not encrypted so the hackers could read and potentially misuse sensitive data.<\/p>\n

No Access Controls<\/h4>\n

Healthcare organizations often have no access controls, which means once an attacker gets in, they can move laterally across the network with ease. In the Ascension breach, the lack of segmentation of network privileges allowed the hackers to escalate their access and compromise more systems. Proper access controls, like limiting user permissions and role-based access, would have mitigated this risk.<\/p>\n

No Staff Training<\/h4>\n

Human error is a major vulnerability in cybersecurity. Healthcare staff often don\u2019t have enough training to recognize phishing emails and other social engineering tactics. In the Ascension case, it\u2019s believed phishing emails were used to trick employees into downloading malware. Better training programs focused on cybersecurity awareness would have prevented this breach by reducing the success of phishing attacks.<\/p>\n

Privileged Access Management (PAM)<\/h2>\n

Privileged Access Management<\/a> (PAM) is a key component of any cybersecurity strategy, especially in healthcare. PAM solutions manage and monitor privileged accounts<\/a> so only authorized people have access to sensitive data and systems. By controlling and auditing access, PAM can prevent unauthorized activity and reduce the risk of breaches. For example, PAM could have stopped the attackers from moving laterally in Ascension\u2019s network and limited the damage.<\/p>\n

Cybersecurity in Healthcare Organizations and Providers<\/h2>\n

To protect healthcare data, organizations must do cybersecurity. Best practices include software updates, robust encryption, multi-factor authentication and continuous staff training on cybersecurity awareness. Plus regular security audits and penetration testing to identify and remediate vulnerabilities. Follow the relevant regulatory guidelines to comply and protect patient data during a breach.<\/p>\n

Healthcare organizations must also be ready to respond to a breach. That means having an incident response plan in place and communicating with the affected parties in a timely manner. Follow the relevant regulations to maintain operational transparency and protect patient data after a breach.<\/p>\n

Admin By Request: The Whole Solution<\/h2>\n

Admin By Request<\/a> offers a layered approach to cybersecurity to protect both SMBs and enterprises from advanced cyber threats. Our PAM solution addresses the vulnerabilities in the Ascension case by providing fine-grained access controls, real-time monitoring, and automated approval<\/a> workflows, while also utilizing downtime procedures to maintain operations during incidents. With Admin By Request, healthcare organizations can strengthen their security, comply with regulations, and protect sensitive patient data.<\/p>\n

Conclusion<\/h2>\n

The Ascension breach is a wake-up call to the importance of cybersecurity in healthcare. By knowing the common vulnerabilities and doing something about it, healthcare providers can protect their data and patient trust. Human services play a big role in bolstering cybersecurity measures as ransomware attacks disrupt healthcare operations and put sensitive patient data at risk. Admin By Request is here to support<\/a> these efforts with a PAM solution that secures and reduces the risk of future attacks.<\/p>\n

Nathan Eddy is a graduate of Northwestern University\u2019s Medill School. This article was informed by credible IT security reporting.<\/p>\n

<\/p>\n

<\/p>\n

Sources:<\/strong><\/p>\n

<\/p>\n

<\/p>\n

https:\/\/www.bleepingcomputer.com\/news\/security\/ascension-hacked-after-employee-downloaded-malicious-file\/<\/a>https:\/\/www.bridgemi.com\/michigan-health-watch\/ascension-owner-15-michigan-hospitals-confirms-cyberattack-was-ransomware<\/a><\/p>\n

<\/p>\n

<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

In May 2024, Ascension faced a major cyber attack, disrupting electronic health records across multiple states. Learn how healthcare vulnerabilities were exploited, and the critical steps needed to safeguard sensitive data.<\/p>\n","protected":false},"author":2,"featured_media":19600,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[83,90,351,129,148,367,366,81,82,67,174,68,79],"ppma_author":[9],"class_list":["post-19599","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogs","tag-cyber-attack","tag-cyber-criminal","tag-cyber-defense","tag-cyberattack","tag-cybersecurity","tag-encryption","tag-exploits","tag-healthcare","tag-malware","tag-pam","tag-privileged-access","tag-privileged-access-management","tag-ransomware","entry","has-media"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t