Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

Ascension Health falls victim to cyberattack, impacting 13.4 million

Written by Tshedimoso Makhene | May 14, 2024

Ascension Health has detected a cyberattack that potentially harms 13.4 million individuals.

 

What happened 

A chain of Catholic hospitals in the US experienced a cyberattack in May 2024 that disrupted operations and patient care and may have affected 13.4 million customers. Ascension Health detected unusual activity on its network systems and launched an investigation. The company is assessing the impact and duration of the disruption.

The company has engaged Mandiant, a third-party expert, to aid in the investigation. Additionally, relevant authorities have been notified about this incident.

 

What was said? 

A healthcare provider at Ascension Health told Fox Business that their “teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.” Although clinical operations have been disrupted, the teams continue to investigate the extent and length of the disruption.

 

Why it matters

In February, Change Healthcare fell victim to one of the most significant cyberattacks ever carried out against the US healthcare system. This attack on Ascension Health is yet another example of why healthcare organizations must prioritize strengthening their cybersecurity measures. Globally, the average cost of a cyberattack rose to $4.45 million in 2023, up 2.3% from 2022. However, organizations that prioritized a risk-based analysis approach to their cybersecurity experienced data breach costs averaging $3.98 million. This suggests that organizations that prioritize cybersecurity measures could save money. Prioritizing cybersecurity can also enhance HIPAA compliance and help organizations maintain trust with their patients.

 

By the numbers

  • A shorter breach lifecycle leads to lower costs: A shorter data breach lifecycle, defined as fewer than 200 days, correlates with reduced data breach costs. Breaches contained within this timeframe incur an average cost of USD 3.93 million, compared to USD 4.95 million for breaches with a longer lifecycle. This highlights a 23% cost difference, translating to cost savings of USD 1.02 million for breaches contained within a shorter timeframe.
  • Effectiveness of incident response (IR) strategies: Organizations that formed an IR team and tested their IR plan were able to identify and contain breaches 54 days faster than those that did not employ either strategy. Testing the IR plan alone, even without forming a dedicated IR team, also proved effective, reducing breach identification and containment time by 48 days.
  • Utilization of threat intelligence and risk management: Utilizing threat intelligence services has been shown to expedite breach detection, with organizations employing these services identifying breaches 28 days faster than those not using threat intelligence.
  • Ransomware attacks: Ransomware attacks have emerged as significant threats, with substantial financial and operational impacts on organizations. Cooperation with law enforcement can lead to significant benefits, including cost reduction and shorter breach containment time. However, paying the ransom yields minimal cost savings, as organizations that paid the ransom saw only a slight reduction in the total cost of the breach.
  • Indirect costs: Data breaches can also result in indirect costs, including impact on healthcare service delivery, reputational damage, and increased insurance premiums. These indirect costs can have long-term financial repercussions for healthcare organizations.

Go deeper: The economic reality of cybersecurity attacks in healthcare

 

FAQs

What is a data breach?

A data breach is a security incident in which sensitive, protected, or confidential data is accessed, disclosed, or stolen without authorization.

Read more: Healthcare data breaches: Insights and implications

 

Why is cybersecurity important to healthcare?

Compliance with regulations like HIPAA requires robust cybersecurity measures to ensure patient information's confidentiality and integrity. Cybersecurity is essential for safeguarding medical devices and systems, maintaining continuity of care, and preserving reputation and trust. Effective cybersecurity measures are crucial for ensuring the confidentiality, integrity, and availability of healthcare services and patient information.

 

What is an IR strategy?

An incident response strategy is a structured approach that outlines the actions and procedures to be taken in the event of a cybersecurity incident or breach. It involves a coordinated effort to detect, respond to, mitigate, and recover from security incidents effectively. 

Read more: The 6 steps of incident response