Ascension cyberattack: Electronic health records restored, but probe continues

A month after suffering a ransomware attack, Ascension says it has completely restored electronic health records across the entire system.

Ascension said as of Friday morning, all hospitals and healthcare locations had regained full access to their digital medical records.

“This means that clinical workflow in our hospitals and clinics will function similarly to the way it did prior to the ransomware attack,” the system said in a statement. “This also means patients should see improved efficiencies in appointment scheduling, wait times for appointments and prescription fulfillment.”

However, Ascension says it continues to work to restore some systems, and the organization says the investigation remains ongoing.

Nonetheless, the full restoration of the electronic health records marks an important milestone in Ascension’s recovery from the cyberattack, which was first discovered May 8. Ascension has said the attack affected patient care for weeks after the discovery of the breach, with some hospitals diverting ambulances and patients seeing longer waits at clinics. Some non-emergency surgeries, appointments and tests were postponed, the system said.

• Read more: Change Healthcare cyberattack shows ‘no one is immune’

Ascension advises patients that due to high volume, provider responses to messages on patient portals may be delayed. Ascension also says some information collected between May 8 and the restoration of electronic health records may not be available right away.

The health system also says it appears to have identified the source of the breach. Ascension said last week that an Ascension employee inadvertently downloaded a malicious file that was thought to be authentic.

“We have no reason to believe this was anything but an honest mistake,” the system said last week.

Ascension says it appears the attackers removed files from seven of the system’s roughly 25,000 servers across the health system. Ascension said last week that some of those files may include private health information, as well as other information that could identify patients.

The health system says it doesn’t know what data was taken. Ascension has said that there is no evidence information was stolen from electronic health records or other clinical systems. The organization said it is analyzing the files that may have been exposed.

“While we have started this process, it is a significant undertaking that will take time,” Ascension said last week.

Cybersecurity experts have said that the healthcare industry trails other sectors in their ability to repel and recover from ransomware attacks. Keith Forrester, practice manager of strategy and risk services at Optiv, a cybersecurity company, told Chief Healthcare Executive® that hospitals and health systems need to do a better job in training employees on cybersecurity and spotting suspicious emails.

Experts such as Forrester say healthcare employees need to view cybersecurity as an important step to protect patients. Forrester said that attackers are using more polished and sophisticated messages, and they are using AI tools to avoid some of the spelling and grammar miscues that made some phishing attempts easier to detect.

Still, Forrester said, “Ransomware can be stopped because we know where it's coming in. It's coming in through the phishing, and users clicking on bad links.”

Ascension says it has been working with law enforcement agencies and leading cybersecurity experts to investigate the breach and restore systems.

The health system says it is offering credit monitoring and identity theft protection to any patients and staff who request it, even if it turns out their data wasn’t exposed in the breach. (For information, contact Ascension’s call center at 1-888-498-8066).

Based in St. Louis, Ascension operates 140 hospitals, 40 senior centers, and many clinics in 19 states and Washington, D.C.

Scores of cyberattacks aimed at hospitals, vendors and other healthcare organizations affected more than 100 million Americans in 2023.

A ransomware attack of Change Healthcare earlier this year has affected hospitals and healthcare providers nationwide. UnitedHealth Group, Change Healthcare’s parent company, has said a large number of Americans are likely to have been affected by the attack.