The Intake

Insights for those starting, managing, and growing independent healthcare practices

Ascension outage: Lessons for independent practices

The recent cyberattack on Ascension highlights critical cybersecurity lessons and practical steps for independent practices to take to protect their operations and patient data.

Ascension outage: Lessons for independent practices

At a Glance

  • The May 8, 2024 cyberattack on Ascension led to widespread system outages, severely disrupting hospital operations across multiple states
  • Ascension is collaborating with cybersecurity experts to investigate, restore, and rebuild their systems
  • Lessons learned from the Ascension outage can help independent practices improve their security profile and ensure resilience if affected by a cyber breach

Another cyberattack against a major healthcare player has created turbulence for the industry. In March, the Change Healthcare attack caused nationwide service interruptions, delaying claims and drug processing for thousands of patients and providers. The latest attack on Ascension healthcare led to widespread system outages, disrupting operations in multiple hospitals across the United States. 

The Ascension network is the largest non-profit US health system, operating more than 2,600 care sites, including 151 hospitals in 19 states. On Wednesday, May 8, Ascension healthcare detected unusual activity on select network systems. In response, Ascension took systems offline, resulting in outages affecting hospitals in multiple states. Reports indicate the attackers used Black Basta software, which uses phishing and other tactics to exploit network vulnerabilities. Several organizations have since issued warnings regarding Black Basta.

Cybercriminals target healthcare organizations because they possess information with high monetary value — and the attacks are on the rise. Here's an overview of the Ascension outage, along with safeguards that practices can put in place.

The attack’s impact on services and patients

The Ascension network outage has affected hospitals, health workers, and patients. Many hospitals can’t access electronic health records (EHRs), lab results, and diagnostic images. Patients can’t access the Ascension portal, and Ascension pharmacies can’t process prescriptions. In some states, Ascension hospitals are diverting ambulances to nearby ERs.

Ascension’s response

In a May 15, 2024 update, Ascension healthcare said it’s working with cybersecurity experts Mandiant, Palo Alto Networks Unit 42, and CYPFER to investigate, restore, and rebuild after the cyberattack. The update states that safely restoring the system will take time, and they don’t have an estimate for completion.

Updates and state-specific webpages are on Ascension medical group’s cybersecurity event page.

Lessons learned from the Ascension outage

The Ascension hospital outage reveals a critical need to enhance cybersecurity throughout the healthcare industry. Lessons learned from the Ascension outage can help independent practices improve their security profile and ensure resilience if affected by a cyber breach. 

Regular security audits and assessments are a must

Frequent audits allow you to discover and address cybersecurity vulnerabilities quickly before malicious actors can exploit them. Regular assessments provide an opportunity to make improvements as cyber threats evolve.

Employees need cybersecurity training 

Educating your workforce is a powerful first line of defense in your cybersecurity arsenal.

Train employees in recognizing phishing attempts, safe browsing habits, robust password protocols, and other best practices. 

Organizations should have a comprehensive incident response plan

An incident response plan includes proactive measures, such as downtime training, detailed instructions for proceeding after a data breach, and other steps to mitigate damage from a cyber event. 

Robust backup and recovery systems are essential

Investing in backup and recovery technologies can reduce outage downtime and protect against data loss in a cyberattack

How independent practices can improve cybersecurity in the short and long term 

The best time to invest in cybersecurity improvements is sooner rather than later. Here are some recommendations for independent practices.

Keep software up-to-date

Outdated software can have dangerous vulnerabilities. Implementing updates and newly released software patches promptly eliminates this point of attack.

Utilize data encryption and access controls

Encryption changes how sensitive data is formatted, rendering it indecipherable to unauthorized users. Practices should encrypt data for network transmission (data in transit) and data stored on local servers or devices (data at rest).

Access controls restrict data privileges to specific users based on department or responsibilities. Configure access controls to remove old users and require strong passwords and complex credentials that can’t easily be replicated.  

Evaluate your current cybersecurity posture

A cybersecurity evaluation reveals your current risk level and existing vulnerabilities. 

You’ll want to assess your entire attack surface, including:

  • Password protocols 
  • Access management
  • Network infrastructure
  • Data protection
  • Incident response plan

Once you’ve identified your practice’s risks, you can develop a plan to address them. 

Implement cybersecurity changes

Following the evaluation, make a list of concerns and solutions to address them. If budget or resources are an issue, determine the highest-priority issues to address. 

Suggestions for priority actions include:

  • Continuously monitor network activity
  • Implement all software updates and patches
  • Create strong password policies
  • Use multi-factor authentication
  • Schedule routine staff trainings

If you have the resources, consider investing in advanced solutions such as intrusion detection and data backup systems. 

Foster practice-wide security awareness

Routine training and refreshers generate an ongoing focus on cybersecurity. Use these to review best practices for data handling and encourage employees to use strong passwords, recognize phishing attempts, and report suspicious activity. 

Strengthening resilience against future threats

Cybersecurity is an ongoing journey that requires vigilance and agility to stay ahead of emerging threats. The Ascension attack underscores why proactive measures are more effective than a reactive response. Independent practices are urged to take immediate action to strengthen their cybersecurity posture. 

Tebra’s ONC-certified platform helps independent practices enhance security, keeping practice and patient data safe. Learn more in a free demo today.

Get the playbook
Subscribe to The Intake:
A weekly check-up for your independent practice

Amantha May, freelance healthcare writer

Amantha May is a freelance healthcare writer specializing in health tech, primary care, and health equity. She has written for a large range of clients, including medical equipment manufacturers, large health systems, digital health entrepreneurs, and private practices.

Get expert tips, guides, and valuable insights for your healthcare practice