Ascension healthcare takes systems offline after cyberattack

​Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event."

As a major U.S. nonprofit health system, Ascension operates 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia.

It also employs 8,500 providers, has 35,000 affiliated providers and 134,000 associates. In 2023, it reported a total revenue of $28.3 billion.

"On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event," Ascension said.

"We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues."

The healthcare organization also advised business partners to sever connections to its systems until told otherwise.

"Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment," the nonprofit added.

Clinical operations disrupted

Ascension added that the incident also disrupted clinical operations. An ongoing investigation is now assessing the impact and duration of the disruption.

It has also informed the relevant authorities of the cyberattack and hired Mandiant incident response experts to assist with the investigation and remediation process.

A spokesperson sent BleepingComputer the statement published on Ascension's official website earlier today. The spokesperson said, "This is an ongoing situation, and we will provide updates as we learn more."

Last month, the U.S. Department of Health and Human Services (HHS) warned that threat actors are now using social engineering tactics to target IT help desks in the Healthcare and Public Health (HPH) sector.

These attackers trick employees into enrolling new multi-factor authentication (MFA) devices under the attacker's control, which gives them access to corporate resources.