Ascension, eines der größten privaten US-Gesundheitssysteme, informiert fast 5,6 Millionen Patienten und Mitarbeiter darüber, dass ihre persönlichen Daten und Gesundheitsdaten bei einem Cyberangriff im Mai im Zusammenhang mit der Ransomware Black Basta gestohlen wurden.
Das Gesundheitsnetzwerk verzeichnete im Jahr 2023 einen Gesamtumsatz von $28,3 Milliarden und betreibt 140 Krankenhäuser und 40 Senioreneinrichtungen in den Vereinigten Staaten.
The company now mails data breach notifications to 5,599,699 affected individuals via the United States Postal Service. Starting Thursday, December 19, Ascension also offers affected people 24 free months of IDX identity theft protection services, including CyberScan monitoring and a $1,000,000 insurance reimbursement policy.
Ascension sagt, dass es die Strafverfolgungsbehörden und Regierungspartner wie CISA und das FBI über den Verstoß informiert hat, nachdem der Angriff am 8. Mai entdeckt wurde.
“Upon discovering the unauthorized activity, we initiated an investigation with the assistance of leading cybersecurity experts,” Ascension states in the breach notification letters. “Through this investigation, we found evidence that on May 7 and 8, a cybercriminal obtained a copy of certain files containing personal information of our patients and associates.”
Seit dem Einbruch hat die Untersuchung von Ascension ergeben, dass einige der gestohlenen Dateien Namen und Informationen von Patienten und Mitarbeitern aus einer oder mehreren der folgenden Kategorien enthielten (die spezifische Art der offengelegten Informationen variiert von Person zu Person):
- Medizinische Informationen, wie z. B. Krankenaktennummern, Leistungsdaten, Arten von Labortests oder Verfahrenscodes,
- Zahlungsinformationen, die Kreditkarteninformationen oder Bankkontonummern umfassen,
- Versicherungsinformationen, die Medicaid/Medicare-IDs, Versicherungsnummern oder Versicherungsansprüche enthalten,
- Staatliche Identifikationsdaten, einschließlich Sozialversicherungsnummern, Steueridentifikationsnummern, Führerscheinnummern oder Passnummern,
- Und andere persönliche Informationen, wie Geburtsdaten oder Adressen.
After the incident, Ascension revealed that the ransomware breach was caused by an employee who downloaded a malicious file onto a company device. However, it believes this was likely an “honest mistake,” given that the employee thought they were downloading a legitimate file.
The ransomware attack impacted Ascension’s MyChart electronic health records system, phones, and systems for ordering tests, procedures, and medications. It also forced the healthcare giant to take some devices offline on May 8 to contain what it initially described as a “cyber security event.”
Following the incident, Ascension employees had to keep track of procedures and medications on paper, as they could no longer access patients’ electronic records. The company also had to pause some non-emergent elective procedures, tests, and appointments and divert emergency medical services to other healthcare units to prevent triage delays.
While the healthcare giant has yet to link the May attack to a ransomware operation, CNN linked the Black Basta cybercrime gang to the incident (the ransomware group has yet to add Ascension to its data leak site). Days after the breach, the Health Information Sharing and Analysis Center (Health-ISAC) also warned that Black Basta “has recently accelerated attacks against the healthcare sector.”
Since the operation emerged in April 2022, Black Basta has breached the networks of many high-profile victims, including German defense contractor Rheinmetall, outsourcing giant Capita, U.S. government contractor ABB, and the Toronto Public Library.
Joint research from Elliptic and Corvus Insurance shows that the ransomware gang collected over $100 million from more than 90 victims until November 2023.
