Ascension Cyber Incident: Considerations for Your Health Entity
As Ascension and many of its 140 hospitals and 40 senior care facilities deal with the clinical care disruptions after a cyberattack, all clients are being advised to disconnect from Ascension while it addresses the incident.
Its network defenders took the network offline after “unusual activity” and noted “some systems” have been interrupted as the security team investigates with the support of Mandiant. Patients have detailed the paper processes, long care delays, and disruptions to their treatments, as well as pharmacy workflows and phone systems. Some report multiple departments being closed due to the downed network, while patient charts are being kept in binders.
While we as healthcare entities and vendors know this situation is more likely than ever before, a serious cyberattack levied against one of the largest nonprofit health systems in the US, while providers are still recovering from the UnitedHealth Group and Change Healthcare disruptions, is unspeakable.
First Health Advisory encourages all healthcare entities to be diligent. Review those response plans and ensure defenses are able to adapt. Health-ISAC is also an excellent place for resources and information pertaining to the current threat landscape, including the ongoing incident.
The Ascension outage serves as a reminder to review the October alert from the Department of Health and Human Services on the importance of securing remote access and management software. While email has long been the primary target of cybercriminals, these actors have increasingly leveraged social engineering and remote desktop protocol applications to gain a foothold in healthcare networks.
These attacks include vulnerability exploits and ransomware, levied through social engineering. Successful attacks against these vulnerable endpoints have historically had ripple effects not just for the victim organization, but also for its connected business partners.
After the Change Healthcare incident, malicious actors are putting healthcare on notice. These actors are using social engineering techniques to try to capture credentials and then bypass the perimeter defense, whether that defense relies on passwords or multi-factor authentication.
As noted by HHS last year, healthcare entities should prioritize:
- Strong authentication methods
- Regularly updating and patching software
- Implementing network segmentation
- Strong encryption
- Monitoring and logging remote access activities
- Implementing access controls and permissions
- Regularly reviewing and updating access permissions based on individual responsibilities and requirements
- Conducting regular security training and awareness programs
These cyberattacks against critical infrastructure should remind healthcare entities to be vigilant. Cybersecurity is patient safety, and all healthcare entities have a business and moral imperative to remain diligent in keeping patients safe.