Commentary on the Ascension Data Breach
May 2024 by Daniel Lattimer, Vice President, Semperis
Commentary from Dan Lattimer, Vice President, Semperis, on the Ascension data breach.
The Ascension breach is yet another reminder that all hospitals and healthcare organisations are caught in the crosshairs of motivated and highly skilled ransomware gangs. Time and time again hospitals are paying ransoms because of the very nature of their work to treat the sick and maintain a high standard of patient care. Any disruptions to the hospital network put patients’ lives at risk.
Kudos to Ascension for immediately disconnecting the infected portions of their network, and we have to hope they are able to resume normal operations quickly. Ascension’s transparency is noble, and notifying their business partners about the breach will enable any company in their supply chain to assess its own risk. We don’t yet know why Ascension was targeted, but the biggest reason hackers target hospitals is to get paid. It’s that simple.
Today, it’s imperative for hospitals and all public and private sector organisations to have an assumed breach mindset. Breaches will occur, sensitive data could be exposed, and companies could experience months of disruptions. Look at Change Healthcare as an example. They reportedly paid a $22 million ransom and, on top of that, nationwide recovery costs have already surpassed $1 billion. This is a staggering number. Overall, ransomware attacks cause disruptions, cast doubt, cut into profits and, in some cases, can be a matter of life and death in environments with critical infrastructure at stake. Preparing now for inevitable disruptions will dramatically improve an organisation’s operational resiliency and better prepare them to turn away adversaries, leading the threat actors to softer targets downstream.
Today, there’s no silver bullet that will solve the cybersecurity challenges facing most organisations. I recommend companies identify the critical services that are “single points of failure” for the business. If critical services go down, the business stops. Have a plan for “what to do if.” And keep in mind that Active Directory environments are the most vulnerable entry points, and attacks on them are among the most negatively impactful; hackers frequently target these environments, making it imperative that organisations have real-time visibility into changes to elevated network accounts and groups.