Ransomware used in attack that disrupted US hospitals 

A cyberattack that disrupted operations at one of the United States’s largest health care systems last week was carried out using ransomware, the company that was targeted said on Saturday. 

Ascension operates 140 hospitals across 19 states and the District of Columbia and said in a statement on its website that the company is “in close contact” with the FBI and the Cybersecurity and Infrastructure Security Agency “so that our industry partners and peers can take steps to protect themselves from similar incidents.”

According to Ascension, the company “detected unusual activity” in its networks on May 8. The company’s electronic health records systems, as well as various systems used to order certain tests, procedures and medications remain unavailable. The company’s hospitals remain open, but “due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately,” the company said in the update. 

The attack on Ascension represents the second major cyberattack on U.S. healthcare providers in recent months that have utilized ransomware to cause major disruptions. In February, a breach involving the payment processor Change Healthcare made it difficult for large numbers of Americans to fill prescriptions and for healthcare providers to be reimbursed by insurers.

CNN previously reported that Black Basta, a well-known ransomware variant, was used in the attack on Ascension. First spotted in April 2022, the group reportedly exclusively targeted U.S-based organizations in its first year, according to an advisory published in March 2023 by the Health Sector Cybersecurity Coordination Center, an information sharing platform created by the Department of Health and Human Services. 

The malware has since been used in attacks against a wide range of more than 500 businesses and critical infrastructure targets in North America, Europe and Australia, according to a joint advisory from the FBI and CISA published Friday. 

Black Basta has “recently accelerated attacks against the healthcare sector,” according to the Health-Information Sharing Analysis Center, a nonprofit organization that coordinates information security information for the healthcare industry, targeting at least two healthcare organizations in the U.S. and Europe in the last month, the group said, making Black Basta “a significant threat to the healthcare sector.”

Black Basta had not yet listed Ascension on its victim website as of midday Monday.