Country’s largest Catholic hospital chain hit with cyberattack

May 9, 2024

Ascension Health announced Thursday it had been hit with a cyberattack, just months after data was stolen from a third of the country in a separate breach.

In a statement Thursday, Ascension said it detected unusual activity on “select technology network systems” on Wednesday, May 8, which is now believed to be a cybersecurity threat.

Ascension Health is one of the largest hospital chains in the country, and the largest Catholic hospital chain.

The organization will continue to investigate the situation, but teams responded immediately to activate “remediation efforts.”

Some systems’ access has been interrupted, the company said.

“Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible,” the statement said.

The company said there has been a disruption to clinical operations and it is assessing the impact and duration of the disruption.

The Catholic hospital chain brought in Mandiant, a third-party cybersecurity expert, to assist in the investigation, Ascension said.

“Together, we are working to fully investigate what information, if any, may have been affected by the situation,” the company said.

If sensitive information has been leaked, individuals will be notified with “all relevant regulatory and legal guidelines.”

Ascension said it is an ongoing situation and the company will provide updates as more information becomes available.

The cyberattack follows one in February, when a threat was detected at UnitedHealth’s technology unit, Change Healthcare.

Change Healthcare, a subsidiary of UnitedHealth Group that manages payment systems for most U.S. hospitals, was hit by the attack, resulting in patients paying out of pocket for medicines and health care services due to the effects.

That attack hit a “substantial proportion of people in America” and the company paid a ransom in an effort to protect patient information. As of mid-March the company said it was testing software to come back from the attack, but there was no date set for the full recovery.