Ascension cyberattack caused after employee accidentally downloaded malicious file
(CBS DETROIT) — Last month's cyberattack on Ascension hospitals nationwide happened because of what an investigation determined was a simple employee mistake.
The cyberattack left MyChart, the electronic health records system, and other systems unavailable for workers to access. This prompted hospitals to ask patients to bring notes about their symptoms, medications, prescription numbers and bottles to appointments. Its pharmacies were also unable to fill prescriptions for patients.
After bringing in a third-party company to investigate the attack, Ascension says the attacker gained access to its systems when an employee working at one of their facilities accidentally downloaded a malicious file, according to a release from Ascension.
There is no evidence that information was taken from the hospital's Electronic Health Records or other clinical systems, which is where data from patients' records are kept, but they are still determining what specific data was affected.
"Right now, we don't know precisely what data was potentially affected and for which patients," an Ascension spokesperson said. "In order to reach those conclusions, we need to conduct a full review of the files that may have been impacted and carefully analyze them. While we have started this process, it is a significant undertaking that will take time."
Ascension is offering free credit monitoring at identity theft services to any patient or associate who requests it, even if they "determine in the future that their data was actually involved in this incident."
Anyone interested in getting this free credit monitoring should contact Ascension's call center at 1-888-498-8066.
Ascension encourages anyone with concerns to use the service, but it doesn't mean they know specific information about whose data was affected.
"We want to be clear, however, that this offer does not mean we have determined that any specific individual patient's data has been compromised," the spokesperson said. "Rather, it illustrates our desire to do everything possible to reassure our patients and associates, regardless of any impact to specific individuals' data."
Ascension has 140 hospitals across the U.S. and treats millions of visitors every year.