Skip to main content
Snow icon
36º

Ascension cyber attack caused by worker who accidentally downloaded malware

Officials: Attackers accessed 7 of 25,000 servers

Ascension St. John Hospital, Detroit (Copyright 2024 by WDIV ClickOnDetroit - All rights reserved.)

DETROIT – A cyber attack that sent Ascension hospitals and health care systems offline in May happened because a worker accidentally downloaded malware, officials said this week.

“Clinical operations” were affected at Ascension hospitals and medical centers, which operate in Michigan and 18 other states, when a cyber attack forced the organization to transition to offline systems in early May. It was later said that the attack was actually a ransomware attack -- meaning someone (or someones) broke into Ascension’s computer system, took hold, and were demanding ransom for its return.

The attack has been under investigation as Ascension works to bring its operations back online. Ascension’s Electronic Health Records system, for example, was expected to be restored at facilities nationwide by June 14, officials said last week.

Not all online systems had been restored yet.

After investigating for weeks, officials found that cyber attackers were able to access Ascension’s systems through a malicious file downloaded accidentally by a worker, who thought the file “was legitimate.” The organization said this week that it was simply an “honest mistake” made by the worker, who has not been identified.

The investigation also revealed that cyber attackers were able to access seven of the health system’s 25,000 servers across their network, a spokesperson said on Wednesday, June 12. It wasn’t entirely clear yet what that meant, or exactly what data had been accessed.

“Though we are still investigating, we believe some of those files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals, although the specific data may differ from individual to individual,” the spokesperson said.

Officials said they don’t believe cyber attackers were able to access the Electronic Health Records system.

Ascension hospitals and care centers have remained open and functional since the attack, but normal operations had shifted for staff, and somewhat for patients. Operating times were still the same, and prescription services were still available, but some changes were implemented -- though officials said last week that Ascension Rx services were operational again.


About the Author
Cassidy Johncox headshot

Cassidy Johncox is a senior digital news editor covering stories across the spectrum, with a special focus on politics and community issues.

Loading...