(WWJ) — More information is being released on the cyber attack last month that caused major problems at Ascension, one of the largest healthcare providers in the country.
Ascension officials on Wednesday said they have identified how the attacker gained access to their systems — someone working in one of their facilities accidentally downloaded a malicious file they believed was legitimate.
“We have no reason to believe this was anything but an honest mistake,” officials said.
Authorities did not specify which facility the employee worked at or what the malicious file was purported to contain.
The cyberattack on May 9 disrupted clinical operations at multiple hospitals and facilities in Metro Detroit and across the country. More than a month later, on Tuesday Ascension officials said electronic health records were back online at many hospitals.
Ascension officials said Wednesday evidence indicates the attackers were able to take files from a small number of file servers used primarily for daily and routine tasks. These servers represent seven of the approximately 25,000 servers across their network, according to Ascension.
“Though we are still investigating, we believe some of those files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals, although the specific data may differ from individual to individual,” a press release said.
Importantly, though, Ascension says there is no evidence that data was taken from electronic health records and other clinical systems, where full patient records are stored.
“Right now, we don’t know precisely what data was potentially affected and for which patients. In order to reach those conclusions, we need to conduct a full review of the files that may have been impacted and carefully analyze them,” the press release said. “While we have started this process, it is a significant undertaking that will take time.”
In the meantime, Ascension says for “the greatest peace of mind possible,” they are offering complimentary credit monitoring and identity theft protection services to any Ascension patient or associate who requests it, free of charge, and regardless of whether it is later determined that their data was actually involved in this incident.
Anyone who wants to enroll in free credit monitoring and identity theft protection services should call their dedicated call center at 1-888-498-8066 .
“We encourage all Ascension patients and staff who are concerned to take advantage of these services,” officials said. “We want to be clear, however, that this offer does not mean we have determined that any specific individual patient’s data has been compromised. Rather, it illustrates our desire to do everything possible to reassure our patients and associates, regardless of any impact to specific individuals’ data.”
More on today's top stories:
Most Popular
Comments / 0