Ascension health cybersecurity problem continues; hospitals vulnerable to cyberattacks, expert says

CHICAGO (WLS) -- Ascension is the latest healthcare system to have a cybersecurity problem.

As of Thursday, the Ascension Health Care system is trying to fend off a cybersecurity issue that's impacting dozens of its hospitals and offices in and around Chicago.

ABC7 Chicago is now streaming 24/7. Click here to watch

The impact of the cyberattack is wide ranging. Ascension is one of the country's largest Catholic health care systems with 140 hospitals across the country.

They now join a concerning trend of attacks seen recently at major hospitals in Chicago and elsewhere in the United States.

The threat was discovered on Wednesday, when the company says it noticed unusual activity on network systems.

In a statement, Ascension said in part, "Access to some systems have been interrupted as this process continues. Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible.

Cybersecurity expert Alex Holden with Holden Security said the attacks are becoming more common and hospitals are considered an easy target.

"Bad guys know how to hide their ways in and out so finding where they came in," Holden said. 'What was compromised and the extent of compromise is a very difficult job for such a large organization."

Ascension said it has hired a third-party expert to handle this investigation as the hospitals and offices continue to operate despite some disruptions.

This is now at least the third cybersecurity issue to hit Chicago-area hospitals.

Lurie Children's Hospital was attacked in late January and the problems with its communications system lasted for several weeks. A ransomware group claimed it sold data that it stole from the hospital.

SEE ALSO | UnitedHealth says wide swath of patient files may have been taken in Change cyberattack

Holden said these types of attacks often end up costing the hospital a substantial amount of money.

"Recently a large medical organization paid a large ransom of $22 million to the bad guys, and this encourages bad individuals in our world to go after hospitals," Holden said.

St. Anthony Hospital in Chicago also dealt with a data breach in December, where it said some patient files were copied from its network.

Ascension said it's still investigating its issue and will notify patients if their information has been compromised.

As the process plays out, Ascension is urging all of its business partners to suspend connection to their network. They do not know how long the issue will last.

Ascension issued the following full statement:

"On Wednesday, May 8, we detected unusual activity on select technology network systems, which we now believe is due to a cyber security event. At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues. Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption. We have engaged Mandiant, a third party expert, to assist in the investigation and remediation process, and we have notified the appropriate authorities. Together, we are working to fully investigate what information, if any, may have been affected by the situation. Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines. Out of an abundance of caution we are recommending that business partners temporarily suspend the connection to the Ascension environment. We will inform partners when it is appropriate to reconnect into our environment.

This is an ongoing situation and we will provide updates as we learn more."