Ascension Health, the leading chain of Catholic hospitals in the USA, announced on Thursday that it was grappling with a cyberattack, which has disrupted its operations.

In an official statement released on its website, Ascension acknowledged the impact of the attack, noting disruptions to clinical operations due to the interruption of access to certain systems. 

The statement assured the public that their care teams are equipped to manage such disruptions and have implemented protocols to maintain patient care safety and minimize disruptions. 

The company disclosed its engagement with cybersecurity consultancy firm Mandiant to aid in the investigation and resolution process and has also informed law enforcement agencies of the incident. 

This incident comes on the heels of a cyberattack that afflicted health insurance titan UnitedHealthcare and its affiliates for weeks. Although UnitedHealth has largely restored its affected operations, some services remain offline. UnitedHealth Group CEO Andrew Witty recently testified to the inadequacy of their cybersecurity measures, revealing a $22 million bitcoin payment to halt the operational siege.

According to Becker’s Hospital Review, Ascension ranks as the fourth-largest hospital network in the United States, boasting 140 locations across 19 states and Washington, D.C., with significant presence in St. Louis and the Chicagoland area.

Securing Healthcare Data in Cloud: 7 Key Considerations

When healthcare organizations transition their data to cloud storage, they should prioritize specific cybersecurity measures to safeguard against ransomware and other threats. Hospitals can take several proactive measures to prevent cyberattacks and here’s what they should look for from cloud service/storage providers:

1. End-to-End Encryption: Ensure that the cloud service provider offers robust encryption mechanisms to protect data both in transit and at rest. End-to-end encryption ensures that data remains secure throughout its lifecycle, mitigating the risk of unauthorized access in the event of a breach.
2. Data Segmentation and Access Controls: Look for cloud providers that offer granular access controls and data segmentation capabilities. This allows healthcare organizations to restrict access to sensitive data based on user roles and permissions, reducing the attack surface and limiting the impact of potential breaches.
3. Regular Security Audits and Compliance Certifications: Choose cloud providers that undergo regular security audits and hold industry-specific compliance certifications, such as HIPAA (Health Insurance Portability and Accountability Act) for healthcare organizations. These certifications demonstrate the provider’s commitment to maintaining high standards of security and compliance.
4. Advanced Threat Detection and Prevention: Opt for cloud providers that employ advanced threat detection and prevention technologies, such as machine learning algorithms and behavior-based analytics. These tools can help identify and mitigate ransomware threats in real-time, minimizing the likelihood of successful attacks.
5. Data Backup and Disaster Recovery: Ensure that the cloud service provider offers robust data backup and disaster recovery solutions. Regular backups combined with efficient recovery mechanisms can help healthcare organizations restore data in the event of a ransomware attack, reducing downtime and minimizing disruption to critical services.
6. Transparent Incident Response Protocols: Seek cloud providers that have well-defined incident response protocols and clear communication channels in place. In the event of a security incident or ransomware attack, timely notification and collaboration are essential for containing the threat and minimizing its impact on operations.
7. Continuous Security Monitoring and Updates: Choose cloud providers that offer continuous security monitoring and regular updates to their infrastructure and security protocols. This ensures that healthcare organizations benefit from the latest threat intelligence and security enhancements, staying ahead of evolving ransomware threats.

By prioritizing these key considerations when selecting cloud service/storage providers, healthcare organizations can bolster their cybersecurity posture and better protect their data against ransomware and other cyber threats in the cloud. 

You would be interested in reading the Insights into Ransomware in Healthcare by Rubrik Zero Labs