Ransomware
Ascension Health ransomware attack (Black Basta)
Primary Source βIncident Details
Black Basta ransomware group encrypted servers across a 12-hospital system. Initial access via a malicious file inadvertently downloaded by an employee. Attackers accessed only 7 of 25,000 servers but still exfiltrated PHI. EHR systems (MyChart) unavailable; hospitals reverted to paper charting and some went on diversion. Recovery took ~6 weeks. 5,599,699 patients notified. Third-largest healthcare breach of 2024. FBI and CISA had previously warned about Black Basta targeting healthcare.
Technical Details
- Initial Attack Vector
- CWE-494: Download of Code Without Integrity Check (employee downloaded malicious file believing it legitimate)
- Vendor / Product
- Ascension Health EHR / MyChart
- Malware Family
- Black Basta ransomware
Timeline
- 2024-05-08 Breach occurred
- 2024-05-09 Publicly disclosed
- 2024-12-19 Customers notified