A cyber security event has caused significant disruptions to clinical operations at Ascension, a health care system with over 140 hospitals in 19 states and Washington, D.C. This incident has led to major impacts on medical services in several states, including Kansas, Florida, and Michigan. Physicians in Michigan are now required to write everything on paper due to the cyber security event, taking the medical facilities back to technology levels of the 1980s or 1990s.
This attack comes at a time when lawmakers and federal regulators are still grappling with the aftermath of the February attack on Change Healthcare. This attack has potentially exposed private data on a significant number of Americans, according to company estimates. Change Healthcare admitted to paying $22 million to the ALPHV ransomware group, which then shut down its site. An affiliate who was allegedly involved in the attack took 4 terabytes of data to another extortion site after being cut out of the proceeds.
The situation with Change Healthcare has reignited the conversation around establishing minimum cybersecurity standards for the hospital industry. Industry groups have expressed their commitment to fighting against such standards, but health care remains one of the most targeted sectors by ransomware operators. Disruptions to medical services are intolerable for long periods, and operators might be more inclined to pay extortions as indicated by cybersecurity firm Emsisoft.