So... who is next?  Because hospital IT security is obviously a shit show.

https://www.wmar2news.com/local/ascension-one-of-the-largest-healthcare-systems-is-under-a-cyberattack

05/08/2024

BALTIMORE — Ascension, one of the largest private healthcare systems in the U.S., is experiencing a cyberattack.

“At this time, we continue to investigate the situation," says Justin Blome, the director of marketing at Ascension Saint Agnes. "We responded immediately, initiated our investigation, and activated our remediation efforts.”

He goes on to say that "clinical operations have been interrupted" and the staff at Saint Agnes is fully prepared for these types of scenarios.

Ascension has tapped the shoulder of Mandiant, a cybersecurity firm, to help them play defense and fix the issue. Both companies are working together to ensure that no vital patient information has been compromised. Ascension says it will contact any person who may have been affected by the cyberattack.

To prevent any collateral damage, the healthcare company has told all its major partners to temporarily disconnect from the Ascension system until the attack is over.

05/10/2024

Cyberattack forces major US health care network to divert ambulances from hospitals

https://www.cnn.com/2024/05/10/tech/cyberattack-ascension-ambulances-hospitals/index.html

A major US health care system said Thursday that it is diverting ambulances from “several” of its hospitals following a cyberattack this week.

The cyberattack on Ascension, a St. Louis-based nonprofit network that includes 140 hospitals in 19 states, is also disrupting access to electronic health records, some phone systems and “various systems utilized to order certain tests, procedures and medications,” Ascension said in a statement distributed Thursday evening.

The sprawling health care network, which also owns 40 senior living facilities, said that it would be using “downtime procedure for some time,” because of the cyberattack. Downtime procedures are typically when health providers revert to backup processes, including paper records, that allow them to care for patients when computers are down.

Four sources briefed on the investigation told CNN that Ascension suffered a ransomware attack, in which cybercriminals typically try to lock computers and steal data for extortion. Those sources said that the type of ransomware used in the hack is known as Black Basta, which hackers have used repeatedly to attack health care organizations in recent years. Black Basta, also the name of a broad criminal group that uses the ransomware, includes Russian-speakers, according to the Department of Health and Human Services.

On Friday, the Health Information Sharing and Analysis Center, a cyber threat sharing group for big health care providers worldwide, published an advisory warning that hackers using Black Basta ransomware have “recently accelerated attacks against the healthcare sector.”

That includes at least two health care organizations in Europe and the US that in the last month have “suffered severe operational disruptions” because of Black Basta ransomware,” the advisory said, without naming the health care organizations.

News of the hack of Ascension broke on Wednesday, and Ascension has in the last 24 hours followed a familiar playbook for many American organizations that have been assaulted by cybercriminals. Ascension has notified federal authorities of the incident, hired prominent US cybersecurity firm Mandiant to recover from the incident and shut down systems to try to keep the incident under control.

Senior US officials have been in repeated contact with Ascension CEO Joseph Impicciche since the ransomware attack to understand how the hack might impact patient care, two sources familiar with the matter told CNN.

“We are actively supporting our ministries as they continue to provide safe, patient care with established downtime protocols and procedures, in which our workforce is well trained,” Ascension said in its statement Thursday evening.

It was not clear how many Ascension hospitals were sending ambulances to other locations because of the cyberattack. Ascension spokesperson Gene Ford did not respond to calls and emails seeking comment.

It’s only the latest major hacking incident that has hobbled a big US health care network and sent US officials scrambling to offer support.

A February ransomware attack on Change Healthcare, a subsidiary of health care giant UnitedHealth Group, caused billing disruptions at pharmacies across the US and threatened to put some health providers out of business. A third of Americans may have had their personal data swept up in the hack, UnitedHealth CEO Andrew Witty estimated in testimony to Congress this month. UnitedHealth paid a $22 million ransom to the cybercriminals to try to protect patient data, Witty said.

That Change Healthcare hack incensed US lawmakers and prompted questions across the federal government about the vulnerability of America’s health care system to disruptive cyberattacks with cascading impacts — questions that the cyberattack on Ascension will do nothing to assuage.

A ransomware attack?

Mandiant are good people and will be able to give the company an idea of why their database was attacked.

No backups?

It was the source of much chatter in my system today.

My wife is at an Ascension hospital right now and their system has been down for the past 5 days.

My son was at U of M hospital in Ann Arbor today and he texted me that their system was down also.

Hmmm... I sense a career opportunity. Likely going to be some vacant ciso and cio positions soon...

We are getting their patients. They are on diversion.

If only they hired a few more redundant vice presidents, this all could have been avoided.

Goddammit. I dint think theyre one of our customers.

So many massive enterprises cheap the fuck out on data security for critical shit.


IM LOOKING AT YOU USAA….. not maintaining a pre-live environment. Then fucking up a cloned prod to test an upgrade but not disconnecting the two and fucking up a month of data

lets just say ITS BEEN BRUTAL.

Going to become more common with Change Healthcare paying the ransom earlier this year.

.gov mandated EMR.

Yeah we shut down some tunnels yesterday because of this.

CIO = Career Is Over

CISO = Career Is So Over

Why can't they pay the ransom and the world government track it and go scorched earth skull fucking on the hackers?

The hospital system I used to work for was hit in one of these attacks. Thankfully I missed the first week due to being on vacation for muzzleloader elk season.

These ransomware and scammer types should be hunted down and killed. Letters of marquee and reprisal for all!

I'd be willing to go TDY to shoot some Nigerians, Indians, Chinamen, or whoever in the face.

Their president deserves a 40% raise for recognizing they are under attack.

As a patient or working? If a patient if at all possible get her out now to somewhere that is operational!

We'd likely end up going to war with Russia.

I hear there is a bunch of spare US ordnance that recently became available.

At this point let's do it. I'm not saying the US is innocent in foreign affairs, but fucking with healthcare is universally not beneficial to mankind.

Change is not in good shape. They've been down for months

St Francis in Tulsa got hit

haggled with the perps over the ransom.

paid them, ended the attack

FBI was pissed at them for negotiating with them without the FBI being involved and then paying the ransom.

ARDENT got hit was down for 4-6 weeks. canceling surgeries, procedures..etc.

I've put in 12 hours of OT in the past 3 days and have to go in tomorrow and possibly sunday.
words cannot adequately explain the pile of shit this has caused where I work.

Is this related to Ascension's decision to hire ~500 H1B workers over the past few years?  

absolutely.
their IT dept made me want to throw cats into lawnmowers some days.

Ascension outsourced their entire IT department years ago to save money. This is absolutely hilarious and I hope the CIO and CEO have to pay back the bonuses I'm sure they got for such a brilliant decision.

HeatMan  (@HeatMan1010) May 10, 2024

Lack of nurses.

Doctors are owned by the AMA and CDC and hospital owners.

Big pharma bribing and lying.

Processed foods.

Virtually no digital security.  (Hippa LOL)

Illegals flooding the system and not paying a dime.

That is where we are.

1. Ascension management decided to fire the Americans, and give control of their financial/medical systems to cheap Indian workers.  
2. Now the Russian group (Black Basta) has hijacked Ascension systems from the Indians.  
3. Most of Ascension's business operations have been shut down since Thursday.  

My only question is: why is anyone surprised about #2 and #3?

Yet another healthcare system that cut every possible corner on their IT infrastructure, and is going to get fucked hard and proper as a result.

Was told by someone that works at one of there hospitals the younger nurses are lost because all they know is doing everything electronically.

Meh. UHS got hit a few years ago and we ran the hospitals without computers for almost a month. Big deal.

actually its more than just Ascension. its also business partners with integrated systems.
it was all locked down on Wednesday.

I've put in almost 60 hours so far.

I would just like everyone to know that I have a 100% BeSafe rating at my facility on their own internal checks and balances/tests of my personal email use there.

it wasn't me who let the team down.

actually I always think its down with a Mole on the inside of the IT program.

thats what downtime forms are for.  Its operational,  just impacted.  We're so tied into EMRs it just makes things more difficult/slower than usual.  Definitely not anywhere close to ideal but able to function.

They offshored their IT to India a few years ago.  Surprise, surprise, surprise.

I don’t get anything when I google ciso, but this is their cio.  

https://about.ascension.org/en/our-work/ascension-technologies/gagan-singh

Attached File

Was it Mr. Singh who decided to outsource the IT department?

Did they get replaced by Wipro?

The aftermath of this (as J. Gallagher used to say) is gonna be fuck-n-funny.

While my place has "downtime" procedures, I'll tell you...it's a spare tire at best.  It ABSOLUTELY negatively impacts patient care on a widespread level.  From lab, to radiology, to medical records.  We went down for 2 days after a hurricane and were dealing with the repercussions for 6 months.  Modern healthcare can't run without computers anymore than a huge airport can just "go paper".

https://www.healthcaredive.com/news/ascension-current-chief-data-officer-new-cio-gagan-singh/624652/

Shit happens when you fire your top third to bring in cheap H1B's to make the balance sheet better for the merger. Couple that with their DR being mostly theoretical and pie in the sky, to boot. Been tracking somewhat with some former co-workers, and all I can say is they get what they deserve, it's a shame they fucked everyone else with their money grab.

Nowhere I've ever worked is even remotely efficient during downtime. Important therapies and drugs are often delayed or missed.

A lot of the downtime forms I've seen are horribly inefficient printouts of electronic forms that are nearly unreadable due to being long and awkward. Going into downtime isn't a shift back to when there was an efficient paper process. It's a total shit show.

Difficult and slower is a big fucking deal when caring for critically ill patients.

I'd like to see the leadership of these organizations that replace competent Americans with shitty third worlders to save a buck in the short term be punished appropriately. It won't happen of course.

And that’s just for current operations. It’s impossible to look up most patient histories when the emr is down. Right now Ascension is telling their employees that systems will be down for the next two weeks. Anything elective is getting canceled and anything serious is getting diverted



U of M downtime is unrelated.

Ascension's CIO has only a bachelor's degree from India's GNDU?   LOL.  

US News ranked GNDU #1771 of 2000 international colleges.
https://collegedunia.com/university/25784-guru-nanak-dev-university-gndu-amritsar/ranking  

^ exactly.  

Ascension fired 650+ Americans in 2021, and replaced them with 500+ cheap H1B and Tech Mahindra contract workers.  
https://www.stltoday.com/news/local/business/ascension-technologies-to-lay-off-651-out-of-state-workers/article_85aae611-0845-5dca-89ee-ecb8603cb7e5.html  

In the last year or so, they replaced most of the Tech Mahindra workers with even cheaper Deloitte contract workers.  


Their next step will be to hire another cheap Indian company that sells them a plan for cleaning up this mess.  

having been an Ascension employee at one time, this should come as no surprise from that level of decision making.

that company destroys good hospitals.

I cannot adequately explain the difficulty of dealing with Ascension IT service and problem troubling shooting.
the folks are the local hospitals are pretty good, but anything dealing with outside those parameters caused our life to be hell.

Something like 80% of companies pay the ransom

That happened Thursday..... its been a shit show for them.

https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware

The U.S. Justice Department unsealed charges today against a Russian national for his alleged role as the creator, developer, and administrator of the LockBit ransomware group from its inception in September 2019 through the present. At times, LockBit was the most prolific ransomware group in the world.

Khoroshev allegedly acted as the LockBit ransomware group’s developer and administrator from its inception in or around September 2019 through May 2024. Khoroshev and his affiliate coconspirators, grew LockBit into what was, at times, the most active and destructive ransomware variant in the world. The LockBit ransomware group attacked more than 2,500 victims in at least 120 countries, including 1,800 victims in the United States. LockBit victims included individuals, small businesses, multinational corporations, hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies. Khoroshev and his co-conspirators extracted at least $500 million in ransom payments from their victims and caused billions of dollars in broader losses, such as lost revenue, incident response, and recovery.

n addition, as previously announced, law enforcement developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant. Victims targeted by this malware are encouraged to contact the FBI at https://lockbitvictims.ic3.gov/ to enable law enforcement to determine whether affected systems can be successfully decrypted.