Ascension outage: Lessons for independent practices

Another cyberattack against a major healthcare player has created turbulence for the industry. In March, the Change Healthcare attack caused nationwide service interruptions, delaying claims and drug processing for thousands of patients and providers. The latest attack on Ascension healthcare led to widespread system outages, disrupting operations in multiple hospitals across the United States. 

The Ascension network is the largest non-profit US health system, operating more than 2,600 care sites, including 151 hospitals in 19 states. On Wednesday, May 8, Ascension healthcare detected unusual activity on select network systems. In response, Ascension took systems offline, resulting in outages affecting hospitals in multiple states. Reports indicate the attackers used Black Basta software, which uses phishing and other tactics to exploit network vulnerabilities. Several organizations have since issued warnings regarding Black Basta.

Cybercriminals target healthcare organizations because they possess information with high monetary value — and the attacks are on the rise. Here's an overview of the Ascension outage, along with safeguards that practices can put in place.

The Ascension network outage has affected hospitals, health workers, and patients. Many hospitals can’t access electronic health records (EHRs), lab results, and diagnostic images. Patients can’t access the Ascension portal, and Ascension pharmacies can’t process prescriptions. In some states, Ascension hospitals are diverting ambulances to nearby ERs.

In a May 15, 2024 update, Ascension healthcare said it’s working with cybersecurity experts Mandiant, Palo Alto Networks Unit 42, and CYPFER to investigate, restore, and rebuild after the cyberattack. The update states that safely restoring the system will take time, and they don’t have an estimate for completion.

Updates and state-specific webpages are on Ascension medical group’s cybersecurity event page.

The Ascension hospital outage reveals a critical need to enhance cybersecurity throughout the healthcare industry. Lessons learned from the Ascension outage can help independent practices improve their security profile and ensure resilience if affected by a cyber breach. 

Frequent audits allow you to discover and address cybersecurity vulnerabilities quickly before malicious actors can exploit them. Regular assessments provide an opportunity to make improvements as cyber threats evolve.

Educating your workforce is a powerful first line of defense in your cybersecurity arsenal.

Train employees in recognizing phishing attempts, safe browsing habits, robust password protocols, and other best practices. 

An incident response plan includes proactive measures, such as downtime training, detailed instructions for proceeding after a data breach, and other steps to mitigate damage from a cyber event. 

Investing in backup and recovery technologies can reduce outage downtime and protect against data loss in a cyberattack. 

The best time to invest in cybersecurity improvements is sooner rather than later. Here are some recommendations for independent practices.

Outdated software can have dangerous vulnerabilities. Implementing updates and newly released software patches promptly eliminates this point of attack.

Encryption changes how sensitive data is formatted, rendering it indecipherable to unauthorized users. Practices should encrypt data for network transmission (data in transit) and data stored on local servers or devices (data at rest).

Access controls restrict data privileges to specific users based on department or responsibilities. Configure access controls to remove old users and require strong passwords and complex credentials that can’t easily be replicated.  

A cybersecurity evaluation reveals your current risk level and existing vulnerabilities. 

You’ll want to assess your entire attack surface, including:

Once you’ve identified your practice’s risks, you can develop a plan to address them. 

Following the evaluation, make a list of concerns and solutions to address them. If budget or resources are an issue, determine the highest-priority issues to address. 

Suggestions for priority actions include:

If you have the resources, consider investing in advanced solutions such as intrusion detection and data backup systems. 

Routine training and refreshers generate an ongoing focus on cybersecurity. Use these to review best practices for data handling and encourage employees to use strong passwords, recognize phishing attempts, and report suspicious activity. 

Cybersecurity is an ongoing journey that requires vigilance and agility to stay ahead of emerging threats. The Ascension attack underscores why proactive measures are more effective than a reactive response. Independent practices are urged to take immediate action to strengthen their cybersecurity posture. 

Tebra’s ONC-certified platform helps independent practices enhance security, keeping practice and patient data safe. Learn more in a free demo today.