Cyber Incident Victim: Ascension
Date:
May 2024
Location:
United States of America
Summary
A major U.S. healthcare system experienced a cybersecurity incident causing widespread operational disruptions across hospitals in multiple states, including Wisconsin, Michigan, and Florida. Clinical operations were severely impacted, forcing staff to rely on paper records for patient care, medical histories, lab results, and prescriptions due to system outages. The organization initiated an investigation with cybersecurity consultants to assess potential data compromise while maintaining emergency services. This incident aligns with escalating cyber threats targeting healthcare infrastructure, following recent high-profile attacks on critical industry payment systems that jeopardized patient data and care continuity nationwide.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 7 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 8, 2024, Ascension, a major U.S. healthcare system operating 140 hospitals, detected unusual activity on select technology networks. By May 9, the organization confirmed this activity as a cybersecurity event, prompting an immediate investigation and activation of remediation efforts. The attack forced Ascension to sever connections to its online systems, causing widespread operational disruptions across its facilities in Wisconsin, Michigan, Florida, and other states. Clinical operations were significantly impacted, with healthcare workers losing access to Epic—the electronic health record system used for storing patient medical histories, lab results, and radiology data. This disruption necessitated a return to paper-based record-keeping for tracking patient conditions, ordering procedures, and writing prescriptions. Ascension engaged cybersecurity firm Mandiant to assist in determining the scope of the breach and whether sensitive information was compromised, pledging to notify affected individuals if necessary.
The cyberattack paralyzed critical hospital functions, with staff describing the situation as "like the 1980s or 1990s" due to the reliance on manual processes. Physicians could not view prior test results or medical histories, while communication between departments reverted to phone calls and physical document transfers. Ascension Wisconsin and Michigan facilities diverted medically stable ambulance patients to other hospitals to reduce strain, though unstable patients requiring lifesaving care continued to be accepted. Employees reported the network outage began around 7 a.m. on May 8, with systems still offline the following day. Clinicians expressed concerns about increased risks of adverse events during prolonged downtime, citing evidence linking manual workflows to higher error rates. The incident occurred amid heightened scrutiny of healthcare cybersecurity following the February 2024 Change Healthcare ransomware attack, which UnitedHealth Group’s CEO testified had affected one-third of Americans. Ascension’s breach further highlighted a trend of rising third-party vendor breaches, which tripled between 2019 and 2023, exposing 144 million Americans’ medical data in 2023 alone.