Ascension Healthcare says employee error resulted in a major ransomware attack
St. Louis, Missouri-headquartered Ascension Healthcare revealed that hackers gained access to its systems after an employee mistakenly downloaded a malicious file.
In a data security incident notice posted on its website, Ascension said that on May 8, it detected unusual activity in portions of its network and quickly launched an investigation with assistance from cybersecurity company Mandiant to understand the nature and scope of the incident.
In a separate update, the healthcare systems provider said it suffered a ransomware attack and notified relevant law enforcement and governing agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the American Hospital Association (AHA).
In a recent update, an Ascension spokesperson said that the investigation has revealed multiple facts including how threat actors gained access to its internal network.
“We have made progress in our investigation and recovery with the help of third-party cybersecurity experts. At this point, we now have evidence that indicates that the attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks. These servers represent seven of the approximately 25,000 servers across our network,” reads the update.
Ascension believes that the files accessed by the hackers contain Protected Health Information (PHI) and Personally Identifiable Information (PII), however, the nature of the same is yet to be determined.
“We have also identified how the attacker gained access to our systems. An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake,” Ascension added.
The healthcare service provider added that it has no evidence that data was taken from its Electronic Health Records (EHR) and other clinical systems where patients’ data is stored. It has offered complimentary credit monitoring and identity protection services for all affected individuals.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543