Ransomware used in attack that disrupted US hospitals | CyberScoop<\/title> <meta name=\"description\" content=\"Electronic health records and systems used to order tests, procedures and medications remain unavailable at some affected hospitals. \"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ransomware-used-in-attack-that-disrupted-us-hospitals\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Ransomware used in attack that disrupted US hospitals \"> <meta property=\"og:description\" content=\"Electronic health records and systems used to order tests, procedures and medications remain unavailable at some affected hospitals. \"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ransomware-used-in-attack-that-disrupted-us-hospitals\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-05-13T18:26:25+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1715117951g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1715145995g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1715025738g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=74528d75ce0daeb8628a\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/80421\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.5.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=80421\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fransomware-used-in-attack-that-disrupted-us-hospitals%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fransomware-used-in-attack-that-disrupted-us-hospitals%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-80421 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ransomware-used-in-attack-that-disrupted-us-hospitals\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.401869158879\">\n<div class=\"single-article__header-content\" readability=\"31.154185022026\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Electronic health records and systems used to order tests, procedures and medications remain unavailable at some affected hospitals. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Paramedics taking patient on stretcher from ambulance to hospital. (\tFangXiaNuo\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"24.032967032967\"><body readability=\"48.725581395349\"><\/p>\n<p>A cyberattack that disrupted operations at one of the United States\u2019s largest health care systems last week was carried out using ransomware, the company that was targeted said on Saturday. <\/p>\n<p>Ascension operates 140 hospitals across 19 states and the District of Columbia and <a href=\"https:\/\/about.ascension.org\/cybersecurity-event\">said in a statement<\/a> on its website that the company is \u201cin close contact\u201d with the FBI and the Cybersecurity and Infrastructure Security Agency \u201cso that our industry partners and peers can take steps to protect themselves from similar incidents.\u201d<\/p>\n<p>According to Ascension, the company \u201cdetected unusual activity\u201d in its networks on May 8. The company\u2019s electronic health records systems, as well as various systems used to order certain tests, procedures and medications remain unavailable. The company\u2019s hospitals remain open, but \u201cdue to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately,\u201d the company said in the update. <\/p>\n<p>The attack on Ascension represents the second major <a href=\"http:\/\/Ascension\">cyberattack on U.S. healthcare<\/a> providers in recent months that have utilized ransomware to cause major disruptions. In February, <a href=\"https:\/\/cyberscoop.com\/ransomware-group-behind-change-healthcare-attack-goes-dark\/\">a breach involving the payment processor Change Healthcare<\/a> made it difficult for large numbers of Americans to fill prescriptions and for healthcare providers to be reimbursed by insurers. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p><a href=\"https:\/\/www.cnn.com\/2024\/05\/10\/tech\/cyberattack-ascension-ambulances-hospitals\/index.html\">CNN previously reported<\/a> that Black Basta, a well-known ransomware variant, was used in the attack on Ascension. First spotted in April 2022, the group reportedly exclusively targeted U.S-based organizations in its first year, according to an <a href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/black-basta-threat-profile.pdf\">advisory<\/a> published in March 2023 by the <a href=\"https:\/\/www.hhs.gov\/about\/agencies\/asa\/ocio\/hc3\/index.html\">Health Sector Cybersecurity Coordination Center<\/a>, an information sharing platform created by the Department of Health and Human Services. <\/p>\n<p>The malware has since been used in attacks against a wide range of more than 500 businesses and critical infrastructure targets in North America, Europe and Australia, according to <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-131a\">a joint advisory<\/a> from the FBI and CISA published Friday. <\/p>\n<p>Black Basta has \u201crecently accelerated attacks against the healthcare sector,\u201d <a href=\"https:\/\/h-isac.org\/black-basta-threat-actor-emerges-as-a-major-threat-to-the-healthcare-industry\/\">according<\/a> to the <a href=\"https:\/\/h-isac.org\/\">Health-Information Sharing Analysis Center<\/a>, a nonprofit organization that coordinates information security information for the healthcare industry, targeting at least two healthcare organizations in the U.S. and Europe in the last month, the group said, making Black Basta \u201ca significant threat to the healthcare sector.\u201d<\/p>\n<p>Black Basta had not yet listed Ascension on its victim website as of midday Monday.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.1375\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/ransomware-used-in-attack-that-disrupted-us-hospitals-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ransomware-used-in-attack-that-disrupted-us-hospitals\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware used in attack that disrupted US hospitals | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2028,72,1603,282,459,46],"tags":[2029,73,1605,286,461,54],"class_list":["post-3540","post","type-post","status-publish","format-standard","hentry","category-ascension","category-black-basta","category-change-healthcare","category-cybercrime","category-health-care","category-ransomware","tag-ascension","tag-black-basta","tag-change-healthcare","tag-cybercrime","tag-health-care","tag-ransomware"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ascension\/\" rel=\"category tag\">Ascension<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/black-basta\/\" rel=\"category tag\">Black Basta<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/change-healthcare\/\" rel=\"category tag\">Change Healthcare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/health-care\/\" rel=\"category tag\">health care<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a>","tag_info":"ransomware","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3540"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3540\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":3540,"date":"2024-05-13T13:26:25","date_gmt":"2024-05-13T18:26:25","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=80421"},"modified":"2024-05-13T13:26:25","modified_gmt":"2024-05-13T18:26:25","slug":"ransomware-used-in-attack-that-disrupted-us-hospitals","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/13\/ransomware-used-in-attack-that-disrupted-us-hospitals\/","title":{"rendered":"Ransomware used in attack that disrupted US hospitals\u00a0"},"content":{"rendered":"