Ascension, a leading healthcare provider, has made significant progress in its investigation and recovery efforts following a recent cyberattack. With the help of third-party cybersecurity experts, Ascension has identified the extent of the Ascension cyberattack and the steps needed to protect affected individuals. Ascension reports that attackers managed to steal files from a few servers within its network. Specifically, seven out of approximately 25,000 servers, primarily used by associates for daily tasks, were compromised. These servers might contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. "We now have evidence that attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks. Though we are still investigating, we believe some of those files may contain PHI and PII for certain individuals, although the specific data may differ from individual to individual," said an Ascension spokesperson.

What Caused Ascension Cyberattack?

The cyberattack on Ascension was traced back to an innocent mistake by an employee who accidentally downloaded a malicious file, mistaking it for a legitimate one. "We have also identified how the attacker gained access to our systems. An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake," informed the spokesperson. This incident highlights the importance of continuous cybersecurity training and vigilance among all employees to prevent such occurrences in the future. Ascension has assured its patients and associates that there is no evidence suggesting any data was taken from the Electronic Health Records (EHR) system or other clinical systems where comprehensive patient records are securely stored. This means the most sensitive health information remains uncompromised, providing some relief amidst the ongoing investigation.

Ongoing Review and Protective Measures

Ascension is currently conducting a detailed review and analysis of the potentially impacted files to determine precisely what data was affected and identify the individuals involved. This meticulous process is expected to take considerable time due to the volume and complexity of the data. In the meantime, Ascension is taking proactive steps to protect its patients and associates. The healthcare provider is offering free credit monitoring and identity theft protection services to all patients and associates, regardless of whether their data is eventually found to be compromised. This service is intended to provide immediate peace of mind and mitigate potential risks from the Ascension data breach. Individuals who wish to enroll in these protective services are encouraged to contact Ascension's dedicated call center at 1-888-498-8066.

Commitment to Transparency and Legal Compliance

Ascension remains committed to transparency throughout this investigation. While specific details regarding whether an individual's data was affected cannot be provided, Ascension pledges to follow all applicable laws and regulations related to data breach notifications. "We encourage all Ascension patients and staff who are concerned to take advantage of these services. We want to be clear that this offer does not mean we have determined that any specific individual patient’s data has been compromised. Rather, it illustrates our desire to do everything possible to reassure our patients and associates, regardless of any impact to specific individuals’ data," the spokesperson explained. "Once our data analysis is complete, we are committed to following all applicable laws and regulations to notify affected individuals and the appropriate regulatory bodies. To our patients, associates, and the communities we serve, we regret any disruption or concern you may have experienced as a result of this incident," the spokesperson added.

Background and Impact of Cyberattack on Ascension

On May 10, The Cyber Express reported that Ascension faced disruptions in clinical operations due to a cyberattack that prompted the organization to take some of its systems offline. Operating in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. It also boasts a significant workforce of 8,500 providers, 35,000 affiliated providers, and 134,000 associates. In 2023, Ascension’s total revenue amounted to $28.3 billion. Given its substantial revenue and widespread operations, the impact of this cyberattack was significant. The organization detected unusual activity on select technology network systems, prompting an immediate response, investigation initiation, and activation of remediation efforts. Due to the cyberattack, Ascension advised its business partners to temporarily sever connections to its systems as a precautionary measure and stated it would notify partners when it is safe to reconnect. The cyberattack on Ascension disrupted clinical operations, prompting an investigation into the extent and duration of the disruption.

The impact of the Cencora data breach is far more widespread than earlier thought as more than a dozen pharmaceutical giants including Novartis and GlaxoSmithKline disclose personal and health information data leaks stemming from the February breach incident. Cencora Inc., formerly recognized as AmerisourceBergen, and its Lash Group affiliate announced in a February filing with the Securities and Exchange Commission (SEC) that the company faced a cybersecurity incident where “data from its information systems had been exfiltrated.” Cencora is a major pharmacy company with over 46,000 employees and approximately $262.2 billion in revenue in 2023. Based in Pennsylvania, it operates in around 50 countries globally. The popular American drug wholesaler did not disclose the extent of the data breach in its February SEC filing but did confirm at the time that some of the data exfiltrated in the attack could contain personal information. Last week, however, Cencora and The Lash Group clients began notifying state Attorneys General about a data breach that stemmed from the February cybersecurity incident at Cencora. At least 15 pharmaceutical companies reported that the personal data of hundreds of thousands of individuals were compromised. Notifications identified the following affected companies:

• AbbVie Inc.
• Acadia Pharmaceuticals Inc.
• Bayer Corporation
• Bristol Myers Squibb Company and Bristol Myers Squibb Patient Assistance Foundation
• Dendreon Pharmaceuticals LLC
• Endo Pharmaceuticals Inc.
• Genentech, Inc.
• GlaxoSmithKline Group of Companies and the GlaxoSmithKline Patient Access Programs Foundation
• Incyte Corporation
• Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.
• Novartis Pharmaceuticals Corporation
• Pharming Healthcare, Inc.
• Regeneron Pharmaceuticals, Inc.
• Sumitomo Pharma America, Inc. / Sunovion Pharmaceuticals Inc.
• Tolmar

State Attorneys General often announce data breaches without specifying the number of affected people but AG’s office in Texas does disclose the number impacting the state residents. Based on these partial numbers, at least 542,000 individuals seem to be impacted from the Cencora data breach, till date. The Cyber Express reached out to Cencora for confirming the total number of individuals impacted to understand the full extent of the data breach but did not receive any communication till the time of publishing the article.

Cyber Forensic Findings from the Cencora Data Breach

Cencora detected the cyberattack on February 21, and took immediate action to contain and prevent further unauthorized access. Based on the investigation that likely concluded in April, Cencora said personal information including first name, last name, address, date of birth, health diagnosis, and medications and prescriptions was compromised in the attack. AmerisourceBergen Specialty Group (ABSG), a unit of Cencora, said Friday the breach involved data of a prescription supply program run by the now defunct subsidiary, Medical Initiatives Inc. Further details on how the supply program was exploited remain unclear. U.S. has been rocked by a host of cybersecurity breaches linked to the healthcare industry in recent days. While Change Healthcare cyberattack was one of the most notable ones, the Medstar and Ascension breaches have displayed the vulnerability of the healthcare sector to cyberattacks. The latest in the list of healthcare data breaches is the Sav-Rx data breach that compromised the health data of more than 2.8 million people. Cencora’s investigation, however, found no connection with other major healthcare cyberattacks and, in its notifications, said they were unaware of any actual or attempted misuse of the stolen data. The company said it has not seen any public disclosure of the stolen data, till date. The affected individuals have been offered 24 months of credit monitoring and identity theft remediation services at no cost and steps have also been taken to harden defenses to prevent such security breaches in the future. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.