Black Basta Behind Ransomware Attack on Ascension

    May 15, 2024
    Health-ISAC warns the healthcare industry against the Russian-speaking threat actor Black Basta.
    Illustration 39600348 © Kotist | Dreamstime.com
    Black Basta Behind Ransomware Attack on Ascension
    Black Basta Behind Ransomware Attack on Ascension

    Current investigations indicate that the Russian-speaking group Black Basta has deployed ransomware onto Ascension. On May 8, the Catholic health system released a news brief that stated it was experiencing a cybersecurity event. On May 9, Ascension confirmed that the organization was hit by a ransomware attack, leading to a diversion for emergency medical services and interruption in services concerning its electronic health records system (EHR), among other tools.

    CNN’s Sean Lyngaas reported last Friday, using several sources, that the cyberattack on Ascension was perpetrated by the ransomware group Black Basta, a potential offshoot of Conti.

    On May 10, Orlando-based Health-ISAC issued a threat bulletin regarding Black Basta as a significant threat actor to the healthcare industry. Health-ISAC urged all Healthcare and Public Health (HPH) sector entities to follow the recommended actions listed in the bulletin. These actions include infrastructure organizations installing updates for operating systems, software, and firmware, integrating multifactor authentication (MFA), and training users to recognize and report phishing attempts.

    “It’s just another demonstration of the need for additional resources to help protect hospitals and healthcare systems globally,” commented Errol Weiss, chief security officer at Health-ISAC. “Typically, with these ransomware actors, they're taking a pretty broad approach in terms of throwing out their net to try to cast a victim,” he added. Of the ransomware cases tracked by Health-ISAC over the last year, about eight percent were in the healthcare sector.

    Last year, Healthcare Innovation reported on the threat that the ransomware group Black Basta posed to healthcare organizations. On March 13, 2023, the Health Sector Cybersecurity Coordination Center (HC3) published a threat profile on the group, which was first spotted in 2022.

    Meanwhile, a timeline for system restoration at Ascension is still absent. “We are focused on restoring systems safely. We are making progress; however, it will take time to return to normal operations,” an Ascension spokesperson said in a statement earlier this week.

    Continue Reading

    Sponsored Recommendations

    Explore how healthcare leaders are shifting from reactive maintenance to proactive facility strategies. Learn how data-driven planning and strategic investment can boost operational...
    Navigate healthcare's facility challenges. Get strategies to protect assets and ensure long-term stability.
    Join Claroty, Cisco, and Children's Hospital Los Angeles (CHLA) on-demand as they uncover the reasons behind common pitfalls encountered by hospitals in network segmentation efforts...
    Cyber-physical systems (CPS) in healthcare encompass OT assets and systems, along with a proliferation of connected devices. This includes clinical assets, medical devices, building...