Ascension Hospitals in Chaos Following Ransomware Attack

Date: May 21, 2024

It has been a little more than a week since the Ascension hospital system was hit by a ransomware attack and operations continue to be disrupted, including ambulances reportedly being diverted to other care provider facilities.

The attack has forced staff to depend on manual paper-and-pen systems in the treatment of patients in an environment described by one nurse as “pure and utter chaos from the second you walk into the door.”

Ascension operates over 250 locations across Middle Tennessee, serving hundreds of thousands of patients. The attack reportedly impacted systems that assist in charting, scheduling medical tests and procedures, and the ability to access critical healthcare records required for the treatment of patients.

“We are a week in now at this and there is no end in sight. They are saying it’s very tense at work, the atmosphere, nurses are worried about patient safety, and also about their own nursing license because all of the safety checks that we have in place have basically been eliminated,” WKRN reports the nurse as stating.  

“Not only is it there where the RaDonda Vaught situation took place, but it’s a very similar situation and they are having to override all the medications from their Pyxis or their automatic dispensing cabinet, and they cannot scan the medications, so you can’t scan the armband on the patient or the barcode to match to see if that is even the correct order or dose for the patient. These are basic safety checks that have been eliminated,” said Nurse Erica.

The situation is equally distressing on the patient side, with outages affecting the systems that support treatment accuracy, such as the medication distribution systems that help prevent mistakes in patient care.

“The nursing staff didn’t know what to do since the computers were down, phone lines were down, and it was just a really difficult situation. They were writing things down. They were asking a lot of questions, repetitive questions, some questions over and over. Some things were not written down that should have been written down. They tried to give my father some medication that he should not have had, and luckily I was there to intercept that,” one patient’s relative explained.

Takeaway: A recent study revealed that in the last several years there have been more than 500 successful ransomware attacks impacting nearly 10,000 healthcare providers, exposing over 52 million patient records. It is estimated that these attacks have cost the US economy tens of billions of dollars.

Another study by Ponemon revealed that 68% of respondents said ransomware attacks disrupted patient care, 46% noted increased mortality rates, and 38% noted more complications in medical procedures following an attack.  

Yet another study found that ransomware attacks contributed to between 42 and 67 patient deaths over a five-year period, and an alarming 33% increase in hospitalized Medicare patient deaths per month.  

Ransomware attacks are one of the biggest threats facing every organization today and healthcare providers have been hit particularly hard. Data extortion and ransomware groups have shown time and time again that there is no line they will not cross to enrich themselves.

We have reached the point where ransomware attacks against critical infrastructure such as healthcare providers should undoubtedly be classified as cyberterrorism, and the U.S. government should be addressing these life-threatening attacks as such.

With lives literally on the line, why is this threat not being taken more seriously? Ransomware operators will continue to victimize healthcare providers because the sector typically lacks the appropriate budgets and staff to maintain a reasonable security posture.

Criminal ransomware groups know that an attack against a healthcare organization does not just disrupt everyday business; it directly affects the lives of its patients. This puts tremendous pressure on the organization to pay the ransom demand or risk delays in patient care.

Ransomware operators know this and use this urgency as leverage to press ever larger ransom demands. If this does not rise to the level of outright terrorism, what does?

There is a good deal of evidence that many of the players in the notorious ransomware gangs, and much of the tooling they use, can be tied to the Russian government, so the potential dual nature of a subsection of ransomware attacks should be considered.

The attacks are a steady revenue stream for the attackers, but some of the attacks may also work to further the geopolitical interests of adversarial nations, with Russia being the prime culprit.

A recent report by Chainalysis assessed that 74% of all the illicit revenue generated by ransomware attacks during 2021 went to Russia-linked attackers, the lion’s share of ransomware proceeds.

This is simply state-sponsored terrorism that allows for convenient plausible deniability for adversarial nations like Russia. Executive Order 13224, issued by President Bush in September 2001, seems to be clearly applicable to some ransomware attacks, like those against healthcare:

“For the purpose of the Order, “terrorism” is defined to be an activity that (1) involves a violent act or an act dangerous to human life, property, or infrastructure; and (2) appears to be intended to intimidate or coerce a civilian population; to influence the policy of a government by intimidation or coercion; or to affect the conduct of a government by mass destruction, assassination, kidnapping, or hostage-taking.”

Ransomware attacks against critical infrastructure are a form of terrorism in and of themselves, and the fact that many of the attacks are so closely related to the geopolitical interests of adversarial nations, and provide them with plausible deniability, means we can no longer address these issues as simple criminal matters.
