Employee Downloaded Malicious File That Led to Ransomware Attack 

The cause of the Ascension ransomware attack on May 8 is being linked to one employee who made a mistake. 

In a statement on the health system’s website on June 12, Ascension said, “An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake.” 

PHI Potentially Leaked in Ransomware Attack 

From this one incident, a company spokesperson revealed that the attackers managed to access files from seven of the approximately 25,000 servers on the Ascension network, enabling attackers to potentially obtain protected health information and personally identifiable information.  

With a vast network spanning 140 hospitals across 19 states and Washington, D.C., and serving over six million patients nationwide, Ascension is the largest Catholic non-profit hospital network in the U.S.  The discovery of the ransomware attack in early May prompted Ascension to initiate investigative processes, transition to paper records, and redirect emergency services.  

While the investigation into the extent of the incident and the types of data stolen in the attack is still underway, no evidence has shown that data was stolen from Ascension’s Electronic Health Records (EHR). On June 14, EHR access was restored, allowing clinical workflow in hospitals and clinics to function as before the ransomware attack.  

Managed Phishing and Cybersecurity Awareness Training Can Help Thwart Attacks 

“All it takes is one person not paying attention,” says PrivaPlan CIO Ron Bebus. To lessen the likelihood of these types of incidents, PrivaPlan offers managed phishing and cybersecurity awareness training services. 

Although the Ascension statement did not specify whether the worker was a victim of a phishing email, hackers often direct email recipients to download an attachment that exposes their system to malware. Our team of experts simulates phishing attacks to assess your organization’s vulnerabilities. By leveraging our tools and techniques, we identify and proactively mitigate potential weak points, ensuring your workforce is well-prepared to recognize and respond to phishing attempts.  

“Rarely there is a simulated phishing test that has zero clicks,” says PrivaPlan Cybersecurity Coordinator and Senior Analyst Jo Bradley. “Slow down and look at the sending email address, and always verify by other means if you are unsure. We need to ensure the end user understands that they are the greatest line of defense for their organization when it comes to cybersecurity.”