Black Basta Behind Ransomware Attack on Ascension

May 15, 2024
Health-ISAC warns the healthcare industry against the Russian-speaking threat actor Black Basta.

Current investigations indicate that the Russian-speaking group Black Basta has deployed ransomware onto Ascension. On May 8, the Catholic health system released a news brief that stated it was experiencing a cybersecurity event. On May 9, Ascension confirmed that the organization was hit by a ransomware attack, leading to a diversion for emergency medical services and interruption in services concerning its electronic health records system (EHR), among other tools.

CNN’s Sean Lyngaas reported last Friday, using several sources, that the cyberattack on Ascension was perpetrated by the ransomware group Black Basta, a potential offshoot of Conti.

On May 10, Orlando-based Health-ISAC issued a threat bulletin regarding Black Basta as a significant threat actor to the healthcare industry. Health-ISAC urged all Healthcare and Public Health (HPH) sector entities to follow the recommended actions listed in the bulletin. These actions include infrastructure organizations installing updates for operating systems, software, and firmware, integrating multifactor authentication (MFA), and training users to recognize and report phishing attempts.

“It’s just another demonstration of the need for additional resources to help protect hospitals and healthcare systems globally,” commented Errol Weiss, chief security officer at Health-ISAC. “Typically, with these ransomware actors, they're taking a pretty broad approach in terms of throwing out their net to try to cast a victim,” he added. Of the ransomware cases tracked by Health-ISAC over the last year, about eight percent were in the healthcare sector.

Last year, Healthcare Innovation reported on the threat that the ransomware group Black Basta posed to healthcare organizations. On March 13, 2023, the Health Sector Cybersecurity Coordination Center (HC3) published a threat profile on the group, which was first spotted in 2022.

Meanwhile, a timeline for system restoration at Ascension is still absent. “We are focused on restoring systems safely. We are making progress; however, it will take time to return to normal operations,” an Ascension spokesperson said in a statement earlier this week.

Sponsored Recommendations

A Cyber Shield for Healthcare: Exploring HHS's $1.3 Billion Security Initiative

Unlock the Future of Healthcare Cybersecurity with Erik Decker, Co-Chair of the HHS 405(d) workgroup! Don't miss this opportunity to gain invaluable knowledge from a seasoned ...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...