Ascension, one of the largest health systems in the country, recently revealed that a ransomware attack on its systems was due to a worker accidentally downloading a malicious file. The health system emphasized that this was likely an honest mistake. Importantly, Ascension noted there is no evidence that data was taken from their Electronic Health Records (EHR) or other clinical systems, where full patient records are securely stored.
However, the attackers managed to access files containing Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. With the help of third-party cybersecurity experts, Ascension has gathered evidence indicating that the attackers extracted files from a small number of file servers used primarily for daily tasks by its associates. These servers represent seven out of approximately 25,000 servers across Ascension’s network.
Currently, Ascension is uncertain about the specific data affected and the identities of the impacted patients. To determine this, a comprehensive review and analysis of the compromised files is underway. Ascension has started this process, but it is a substantial task that will require significant time to complete.
As a precaution, Ascension is offering complimentary credit monitoring and identity theft protection services to any patient or associate who requests it. Those interested can call the dedicated call center at 1-888-498-8066.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: