Ascension restores health systems after month-long hack, cybersecurity expert gives advice
MILWAUKEE, Wis. (CBS 58) -- One of the nation's largest chains of Catholic hospitals is back up and running after a cyberattack, reported at Ascension in early May, affected many clinical operations for about a month.
On Friday, Ascension issued a statement saying its electronic health record (EHR) access has been restored. This means patients should see improved efficiencies in appointment scheduling, wait times for appointments and prescription fulfillment.
Cybersecurity expert Alex Holden, who is the Chief Information Security Officer at Hold Security LLC, told CBS 58 News he was one of thousands of people affected by Ascension's latest ransomware attack, which impacted electronic health records, phones, and systems used to order tests, procedures and medications.
"I can change my credit card number if it's stolen, or my bank account information, but my health condition, unfortunately, tends to stay with me for the rest of my life," Holden explained. "Most of us go to Ascension, so I'm very concerned about my personal information as much as everybody else."
Ascension revealed their latest hack was caused by an employee who "accidentally downloaded a malicious file that they thought was legitimate." In a statement released on Wednesday, the company also said they "have no reason to believe this was anything but an honest mistake."
Ascension has also revealed that attackers were able to take files from some file servers used by its associates, primarily for daily and routine tasks, adding that:
"These servers represent seven of the approximately 25,000 servers across our network. Though we are still investigating, we believe some of those files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals, although the specific data may differ from individual to individual."
So far this year, the U.S. Department of Health and Human Services reports more than 200 breaches in healthcare companies affecting at least 500 patients. In Wisconsin, at least two other large companies were hacked.
"We are unfortunately, easily fooled, so a lot of cyberattack(s) happen today to take advantage of our goodwill," Holden added.
Change Healthcare, the owner of UnitedHealth Group, recently admitted to paying cybercriminals a $22 million ransom after their company was targeted in February.
"And they would send their medical records to a doctor, with a malicious software in it," Holden explained.
Holden told CBS 58 News that individuals, as well as corporations, have to keep up with technology by updating security measures and simply being more aware.
"We need to expect the bad guys to go through the email, for example, and clicking on certain malicious links should be a big thing to prevent," he said.
Ascension said that, at the moment, it does not know exactly what data was breached. In the meantime, its website states:
"...to provide our patients and associates with the greatest peace of mind possible, we are offering complimentary credit monitoring and identity theft protection services to any Ascension patient or associate who requests it, free of charge, and regardless of whether we determine in the future that their data was actually involved in this incident."
Patients who wish to enroll in free credit monitoring and identity theft protection services should call Ascension's dedicated call center at 1-888-498-8066.