Saturday, November 9, 2024
Homecyber securityAscension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Published on

Malware protection

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach.

With the assistance of third-party cybersecurity experts, the company has identified that attackers accessed files from a small number of file servers used primarily for daily and routine tasks.

These compromised servers represent only seven out of approximately 25,000 servers across Ascension’s network.

- Advertisement - SIEM as a Service

While the investigation is ongoing, it is believed that some of the files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII) for specific individuals.

However, the specific data affected may vary from person to person.

Cause of the Breach

The breach was traced back to an employee who inadvertently downloaded a malicious file, mistaking it for a legitimate one.

Ascension has emphasized that this was an honest mistake, not a deliberate act.

Importantly, no evidence suggests that data was taken from the company’s Electronic Health Records (EHR) and other clinical systems, where full patient records are securely stored.

The company is conducting a thorough review of the potentially impacted files, which will take considerable time.

Support for Affected Individuals

To provide peace of mind to its patients and associates, Ascension is offering complimentary credit monitoring and identity theft protection services to anyone who requests them.

This offer is available to all Ascension patients and associates, regardless of whether their data was involved in the incident.

Individuals interested in enrolling in these services can contact the dedicated call center at 1-888-498-8066.

Ascension has assured that this offer is a proactive measure to reassure its community and does not imply that any specific individual’s data has been compromised.

Ascension remains committed to transparency and will notify affected individuals and regulatory bodies once the data analysis is complete.

The company regrets any disruption or concern caused by this incident and is dedicated to addressing the situation seriously.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...