On May 8, 2024, Ascension Healthcare notified business partners of suspicious activity detected within their systems. They have launched investigations and are actively working on remediation efforts. Consequently, some systems will experience interruptions during this process, such as clinical operations. Ascension is currently working with a cybersecurity firm to investigate the compromise and whether sensitive data was affected, if at all.
Ascension has stated they will reach out to any business partners if impacted. Although the healthcare sector faced the targeting of Change Healthcare by ransomware threat actors earlier in 2024, there is currently no evidence connecting both incidents. However, Ascension partners should exercise caution and closely monitor updates, as the full extent of the compromise is still undetermined.
Recommendations
Temporarily Disconnect Services From Ascension Healthcare
Due to limited reporting and intelligence, the full implications of this intrusion are not fully known at this time. Out of an abundance of caution, as recommended by Ascension Healthcare in their communications, Arctic Wolf recommends that business partners of Ascension Healthcare temporarily suspend connections to their environment to prevent additional impact during the intrusion investigation.
All business partners of Ascension Healthcare are encouraged to coordinate with the organization directly to address any specific questions.
