US non-profit health system Ascension has confirmed that its electronic health records (EHR) system is down following a ransomware incident on 8 May 2024.

In a cybersecurity update, published on 13 May 2024, Ascension said its hospitals and facilities remained open, but its EHR and various systems used to order tests, procedures, and medications were not operational.

While the systems are down, Ascension said that clinical teams are utilising manual processes and paper records for dispensing medication, inputting medical records, ordering and completing diagnostic tests and procedures, contacting patients and sharing information securely.

It added that several of its 140 hospitals were on diversion for emergency services to ensure emergency cases are triaged immediately.

Ascension said that it is working with cyber security experts and is “focused on restoring systems safely”.

“We are making progress, however, it will take time to return to normal operations,” it added.

The cyber attack was first announced by Ascension on 9 May 2024, when it said it had “detected unusual activity on select technology network systems, which we now believe is due to a cybersecurity event” the previous day.

It added that access to some systems had been “interrupted” and there was “disruption to clinical operations”.

Information security firm Mandiant has been engaged to assist in Ascension’s investigation and remediation process.

“Together, we are working to fully investigate what information, if any, may have been affected by the situation.

“Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines,” Ascension said.

Ascension said it had also notified law enforcement and government bodies including the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services.

The attack follows an announcement from NHS Dumfries and Galloway that around three terabytes of stolen patient data has been published on the dark web by ransomware group Inc Ransom after a cyber attack in March 2024.

A report from cyber security company Trustwave, published in May 2024, includes details of known ransomware attacks on the public sector over the past 12 months, including an attack on Barts Health NHS Trust in May 2023.

Ed Williams, vice president of EMEA’s consulting and professional services at Trustwave, told Digital Health News that healthcare organisations worldwide are “treasure troves of sensitive and confidential data, which are desirable targets for malicious actors”.

“From the cyber criminals’ perspective, the more sensitive the data, the more likely they are to get paid by the organisation to get it back. If the organisation does not pay, then the unfortunate truth is that someone on the dark web will,” he added.

Williams said that there needs to be a “unified approach in defending against cyberattacks, which can only be realistically achieved through proper cyber governance”.