(Credit: Olemedia via Getty Images)
The ransomware attack on Ascension, a major US healthcare provider, has been traced to a malicious file that ended up on an employee's computer.
“An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake,” Ascension said in an update on Wednesday.
The nonprofit didn’t elaborate on how the malicious file landed on the employee’s computer. But it suggests that hackers sent a convincing phishing email to trick the employee into downloading it.
The Ascension hack has been tied to the ransomware gang Black Basta, which is known to use spear-phishing emails to infiltrate IT systems. This usually involves the hackers extensively researching a target employee, and then crafting a malicious email tailor-made to trick them into believing its contents.
Ascension disclosed its findings in an update to patients about the ransomware incident, which says it uncovered evidence that the attackers stole files from seven of its 25,000 servers.
"Though we are still investigating, we believe some of those files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals, although the specific data may differ from individual to individual,” Ascension said.
The nonprofit is still determining which patients may have been affected. But in some good news, the investigation uncovered no evidence that the attackers ever breached Ascension’s “Electronic Health Records (EHR) and other clinical systems, where our full patient records are securely stored.”
So far, though, Black Basta hasn’t claimed responsibility for the hack. Ascension has also refrained from naming the ransomware group, although CNN reports that sources close to the investigation confirmed Black Basta’s involvement.
In the meantime, Ascension is offering free credit monitoring and identity theft services to any user who requests it, regardless if their data was stolen or not. “Individuals who wish to enroll in free credit monitoring and identity theft protection services should call our dedicated call center at 1-888-498-8066.”
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
