Ransomware attack forces Ascension hospitals to turn away some ambulances

The hospital group that operates Ascension Resurrection in Chicago and St. Alexius in Hoffman Estates is continuing to recover from a cyberattack last week.

Ascension hospital exterior
A ransomware attack has affected the electronic health records system of Ascension hospitals, including St. Alexius Medical Center in Hoffman Estates, and the system it uses to order tests, procedures and medications. PR Newswire

A ransomware attack has forced hospital group Ascension’s computer systems offline and diverted ambulances away from some of its emergency departments, including one in the Chicago area.

The hospital group that operates Ascension Resurrection in Chicago, St. Alexius in Hoffman Estates and Alexian Brothers in Elk Grove Village said it was a victim of a “cybersecurity event” after noticing “unusual activity” on its computer network on Wednesday.

It confirmed Saturday that it is recovering from a ransomware attack and is working with cybersecurity experts and the FBI. Ascension did not say when its computer systems would be restored.

The sprawling St. Louis-based hospital group operates 140 hospitals in 19 states. In Illinois, Ascension runs 15 hospitals and 230 sites of care.

Ascension said its facilities remain open but that several hospitals are turning away ambulances and diverting them to other hospitals “to ensure emergency cases are triaged immediately.”

An Ascension spokeswoman said Alexian Brothers went on ambulance diversion from 5 p.m. Wednesday to 7 a.m. Thursday as a result of the attack. Resurrection and St. Alexius hospitals were not affected, she said.

The attack took down Ascension’s electronic health records system and the system it uses to order tests, procedures and medications, the hospital group said. Staff have reverted to using paper records and “processing everything by hand.”

“While our restoration work continues in earnest, our focus is on restoring systems as safely as possible,” an Ascension spokesperson said in a statement Saturday. “While we expect this process will take time to complete, we are making progress and systems are being restored in a coordinated manner at each of our care sites. We will continue to share updates on our recovery process.”

Ascension did not say who was behind the attack. But CNN reported the ransomware used in the hack is known as Black Basta, which has been used in attacks on health care organizations. Black Basta is also the name of a Russian-connected criminal group that uses ransomware.

On Friday, a cyberthreat group for health care providers warned that hackers using Black Basta ransomware have “recently accelerated attacks against the health care sector.” The warning from the Health Information Sharing and Analysis Center said the ransomware had affected two hospital groups in the U.S. and Europe in the past month, but did not name them.

It’s the latest in a series of cyberattacks on major health care providers.

A ransomware attack in February against Change Healthcare, a subsidiary of UnitedHealth, may have exposed personal data of one-third of Americans, UnitedHealth’s CEO testified in Congress earlier this month. Legislators called the hearing to scrutinize the cybersecurity of some of the country’s largest health care organizations.

Lurie Children’s Hospital in Chicago suffered a ransomware attack earlier this year, taking down its phone, email and computer system for several weeks. A ransomware group that calls itself “Rhysida” claimed to be behind the attack and sold data from Lurie.