
Black Basta ransomware group suspected of involvement in Ascension data theft

US healthcare provider Ascension has released more details about its “cybersecurity incident” last month, admitting that data was stolen. Some reports also suggest that the Black Basta ransomware gang was behind the attack.

Ascension, one of the largest nonprofit Catholic health systems in the United States and, as of 2019, the country's second-largest hospital operator, first disclosed a security issue on May 5. At the time, Ascension said the attack had disrupted clinical operations and advised business partners to temporarily suspend their connections to the Ascension environment.

In a statement Wednesday, Ascension said it had made progress in its investigation and recovery and now has evidence that the attackers were able to steal files from a small number of file servers used by employees for daily and routine data retrieval. Protected health information and personally identifiable information of certain individuals were found on some of these servers.

Ascension also announced that it had discovered how the attacker gained access to its systems: A person “working at one of our facilities inadvertently downloaded a malicious file that they believed to be legitimate.” Ascension said there was “no reason to believe this was anything other than an honest mistake.”

The nonprofit added that at this point it does not know exactly which data may have been affected or which patients it belongs to. The investigation is not yet complete.

Although Ascension did not disclose the nature of the attack, CNN reported last month, citing four sources, that it was a Black Basta attack. Another indication that it was likely Black Basta was a warning from the Health Information Sharing and Analysis Center on May 10 – two days after the Ascension attack – that Black Basta was actively targeting healthcare organizations.

A report published yesterday by the Threat Hunter team at Symantec detailed how Black Basta is suspected of exploiting a patched Windows bug in recent cyberattacks. Although Ascension is not mentioned by name in the report, the fact that Black Basta, which first appeared in 2022, has been very active recently also supports the idea that Ascension may have been the group’s target.

Max Gannon, Cyber Intelligence Team Manager at phishing protection company Cofense Inc., told SiliconANGLE regarding the attack vector: “Unfortunately, all it really takes is one person making an honest mistake.”

“This is why training is so important. Basic cyber knowledge is becoming more common, but it takes time and a significant investment on the part of the company to truly instill distrust in online interactions and activities,” Gannon added. “Ascension responded well to the breach, keeping relevant parties informed and even offering monitoring for parties who were unlikely to be affected.”
