Ascension Details

    Organization Logo

    Ascension

    St. Louis, MO142000 employees • Health Care and Social Assistance

    Industry

    Health Care and Social Assistance

    Security Incidents

    1

    Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by number of hospitals as of 2019. It was founded as a nonprofit Catholic healthcare network in 1999. Ascension also runs a pharmacy system as well as delivery under AscensionRx.

    Security Incidents

    Ascension Breach of May 2024
    Severity Score
    Significant to High

    Type

    Other

    Summary

    The Ascension health system, which manages 140 hospitals across 19 states, experienced a significant cyberattack that was discovered on a Wednesday. This breach led to the shutdown of their electronic health records (EHR) and patient portals, causing notable disruptions like the diversion of ambulances and numerous missed appointments due to inaccessible medical records. Investigation revealed that the incident stemmed from an employee inadvertently downloading a malicious file. The attack impacted critical systems, including MyChart, phone lines, and those for ordering tests and procedures, f...
    Show more

    Severity

    The cyberattack on Ascension, the nation's largest Catholic health system, was highly impactful. Sophisticated ransomware, identified as Black Basta, managed to disrupt technological systems across 140 hospitals, which led to the postponement of elective procedures and rerouting of ambulances. Although initial investigations suggest only a small number of file servers were breached—potentially exposing PHI and PII—and not the core Electronic Health Records, the attack significantly compromised healthcare delivery and patient trust. Given the scope of disruption, the sophistication of the ranso...
    Show more

    Impact

    The recent cyberattack on Ascension, the nation's largest Catholic health system, resulted in a significant disruption of their technological infrastructure across all 140 hospitals. This incident, which likely involved Black Basta ransomware, forced the postponement of elective procedures, tests, and appointments due to the paralyzation of key systems like electronic health records and patient portals. While attackers managed to exfiltrate data from a small number of file servers, potentially affecting some Protected Health Information (PHI) and Personally Identifiable Information (PII), ther...
    Show more