Blog | ThinkStack

The Ascension Incident: How One Email Took Down An Entire Hospital System

Written by In the News | Jun 25, 2024 1:55:06 PM

A recent ransomware attack against Ascension, a health system with 140 hospitals in at least 10 states, locked providers out of systems that track and coordinate nearly every aspect of patient care. They included its systems for electronic health records, some phones, and systems  “utilized to order certain tests, procedures and medications,” the company said in their statement.

Background - How it Started

An employee at one of Ascension hospitals in Michigan accidentally downloads a malicious file, mistaking it for a legitimate document. This seemingly small mistake allowed attackers to hack into seven of the hospital system’s 25,000 servers, resulting in a weeks-long cyber attack that stifled operations across Ascension’s entire network of hospitals and care facilities. Doctors and nurses struggled to access patient files, compromising timely care in the emergency room. 

Probably the scariest quote that came out of NPR’s reporting on the ransomware attack was this:

Marvin Ruckle, a nurse at an Ascension hospital in Wichita, Kansas, said he had a frightening experience: He nearly gave a baby “the wrong dose of narcotic” because of confusing paperwork. Ruckle, who has worked in the neonatal intensive care unit at Ascension Via Christi St. Joseph for two decades, said it was “hard to decipher which was the correct dose” on the medication record. He’d “never seen that happen,” he said, “when we were on the computer system” before the cyberattack. 

“For a lot of our nurses, they’ve never paper charted at all,” said Connie Smith, a charge capture coordinator and head of the Wisconsin Federation of Nurses and Health Professionals. “We were using forms that we pulled out of drawers that hadn’t seen the light of day in a long, long time.”

The Far-Reaching Impact of a Ransomware Event: What Could Happen to You?

A ransomware event can have an impact far beyond the cost of the ransom, when you pay it. You may also be thinking about the downtime of your organization; and the issues created by hackers gaining access to outside information. But the damage doesn’t stop there. 

Did you know:

  • Specific to hospitals - in a recent study, it was estimated that the mortality rate actually increases 1-2% as the result of a cyber attack. 
  • Organizations can face class-action lawsuits as a result of a ransomware attack, and their response. Ascension is already facing two actions in the weeks following the attack. 
  • In Ascension’s case - and think about this for your organization - staff members had to revert to old school paper forms that some in the organization had never used. 
  • For small businesses -  60% will have to cease operations within 6 months of a cyber attack. 
  • For our credit union clients - financial services firms are 300 times more likely to be targeted by a cyber attack, with an average breach cost of $5.9 million USD. (Source - IBM Cost of a Data Breach Report 2023). 
  • At the worst possible time, you can experience massive turnover and recruiting challenges. 


Our Advice

Ongoing cybersecurity training and education for your staff can go a long way, but the best way to be prepared for a cyber event is to assume it’s going to happen to you. Now what?

Jen Anthony, Think|Stack’s VP Security & Risk, offered this advice:

“The only way to prepare for a ransomware attack is to have planned for it, and actually simulated and practiced your response. The two biggest factors in how an organization responds boils down to two things: Leadership and Communication.“

“Leaders who have prepared their organization for a ransomware attack and have a clear plan of how to respond are miles ahead of those that are not prepared. Even the best leaders, if forced to try and figure things out for the first time after an event has happened, are going to struggle.”

In a time of crisis, the only way to maintain the trust of your employees, and  your customers/members/clients is clear and consistent communication. You should have a communications team ready to spring into action consisting of your leadership, legal counsel, and public relations professionals to help you craft and deliver a consistent stream of information as early and as you can, as often as you can.”

How Think|Stack Ransomware Tabletop Exercises Can Prepare Your Organization for Cyber Attacks

At Think|Stack, we can help you conduct ransomware tabletop exercises designed to equip your organization with the skills and strategies needed to effectively respond to a cyber attack, ensuring minimal disruption and maximum protection for your sensitive data.  

The Role of Ransomware Tabletop Exercises

Ransomware tabletop exercises are simulated scenarios that help organizations prepare for and respond to ransomware attacks. These exercises are crucial for several reasons:

  1. Identify Vulnerabilities: By simulating a ransomware attack, you can identify potential vulnerabilities in your system before real attackers exploit them. This proactive approach allows you to strengthen your defenses and mitigate risks.
  2. Improve Response Time: During a ransomware attack, every second counts. Tabletop exercises help streamline your response process, ensuring that your team knows exactly what to do and when to do it, thereby reducing downtime and minimizing the impact on operations.
  3. Enhance Communication: Effective communication is vital during a cyber attack. These exercises facilitate better communication among team members and with external stakeholders, ensuring that everyone is on the same page and that information is disseminated quickly and accurately.
  4. Test Incident Response Plans: Having an incident response plan is essential, but it’s equally important to test it regularly. Tabletop exercises allow you to evaluate the effectiveness of your plan, making necessary adjustments based on the outcomes of the simulation.
  5. Build Confidence and Preparedness: Knowing that your organization is prepared for a ransomware attack instills confidence in your team. It ensures that everyone is ready to act swiftly and decisively, reducing panic and confusion during an actual incident.

Why Choose Think|Stack for Your Tabletop Exercises?

At Think|Stack, we specialize in creating customized ransomware tabletop exercises tailored to your organization’s specific needs. Our approach includes:

  • Realistic Scenarios: We design realistic scenarios based on the latest threats and trends in the cybersecurity landscape, ensuring that your team is prepared for the types of attacks they’re most likely to encounter.
  • Expert Facilitation: Our experienced facilitators guide your team through the exercise, providing insights and feedback to help improve your response strategies.
  • Comprehensive Reporting: After the exercise, we provide a detailed report highlighting strengths, weaknesses, and actionable recommendations for enhancing your cybersecurity posture.
  • A Strong Framework: We also provide your team with a framework that you can repurpose so that you can continue practicing on your own in an effective manner.

Final Thoughts

The Ascension cyber attack serves as a stark reminder of the importance of being prepared for ransomware incidents. By scheduling a Think|Stack ransomware tabletop exercise, your organization can identify vulnerabilities, improve response times, enhance communication, and build confidence in your ability to handle cyber threats. 

Don’t wait for a cyberattack to test your readiness. Contact Think|Stack today to schedule a ransomware tabletop exercise and take the first step towards a more secure future for your organization.
View full post