On May 8, 2024, Ascension Healthcare fell victim to a ransomware attack that crippled operations across 140 hospitals in 19 states and Washington, D.C., affecting an estimated 13.4 million patients. The breach originated when an employee downloaded a malicious file, mistaking it for a legitimate document, highlighting the persistent threat of social engineering tactics in healthcare cybersecurity.
The attack compromised seven out of 25,000 servers, yet the impact proved devastating across Ascension’s entire network. Critical systems went offline, including electronic health records, patient portals, phone systems, and platforms for ordering tests, procedures, and medications. Zero-day exploits could have enabled attackers to bypass traditional security measures and infiltrate previously unknown vulnerabilities in the system.
Healthcare staff were forced to resort to manual tracking of patient information, procedures, and medications, greatly disrupting routine operations. Operational consequences extended beyond administrative inconvenience. Non-emergency surgeries, procedures, and tests faced postponement systemwide, as scheduled appointments were delayed or became unavailable.
Some hospitals diverted ambulances and delayed emergency care because of system unavailability. Staff instructed patients to bring physical prescription bottles and handwritten notes to appointments, illustrating the severity of digital infrastructure loss.
The cyberattack exposed protected health information and personally identifiable information stored on compromised servers. Although investigators found no evidence of complete patient record compromise within EHR systems, concerns remained about partial health and identity information exposure.
The ongoing investigation continues examining the full scope of accessed data. Ascension’s response included immediately taking devices and systems offline as a mitigation measure upon uncovering malicious activity. The organization collaborated with law enforcement and cybersecurity experts to investigate the breach. The Black Basta gang was attributed as the perpetrator of this attack, a group that has reportedly extorted over $100 million from more than 90 victims.
The organization implemented fallback methods, including manual record-keeping and alternative communication techniques, during maintaining transparency about recovery progress and patient care impacts through public statements.
The healthcare giant achieved a key milestone approximately one month after the initial breach when EHR restoration was completed across the system, signaling partial operational normalization.
Nevertheless, patients continued experiencing delays and inefficiencies for weeks following system reopening, with Ascension warning about possible delays in provider responses and access to historical data.
This incident demonstrates how ransomware attacks on healthcare organizations can force ambulance diversions, procedure delays, and manual care tracking, emphasizing the critical vulnerabilities within healthcare digital infrastructure and the cascading effects on patient care delivery.
