In early May 2024, the Cybersecurity and Infrastructure Security Agency (CISA), along with the Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI), issued a joint advisory on the Black Basta ransomware variant. This advisory highlighted the tactics, techniques, and procedures (TTPs) of the ransomware and provided indicators of compromise (IOCs) to help organizations defend against this growing threat. Since its emergence in April 2022, Black Basta has targeted over 500 organizations across various sectors, including healthcare, critical infrastructure, and private industry, causing significant disruptions and financial losses.
One of the most notable recent victims of Black Basta is Ascension, the largest nonprofit and Catholic health system in the United States. The attack on Ascension disrupted operations across its 142 hospitals and numerous other care facilities, highlighting the severe impact of ransomware on the healthcare sector. This blog will delve into what Black Basta is, the damage it has caused, and the specific repercussions of the Ascension breach.
What is Black Basta?
Black Basta is a ransomware-as-a-service (RaaS) variant that emerged in April 2022, quickly becoming a significant threat due to its sophisticated tactics and widespread impact. The ransomware group is believed to have ties to the notorious Russian Conti group. As of November 2023, Black Basta ransomware victims have paid over $100 million.
The ransomware group is known for its double extortion attacks, where they not only encrypt data but also steal sensitive information, threatening to release it publicly if the ransom is not paid. The attacks typically begin with phishing emails or the exploitation of known vulnerabilities. Once inside a network, they deploy various tools for remote access, network scanning, and data exfiltration before encrypting the systems and demanding a ransom.
What Happened to Ascension?
The breach at Ascension, which occurred in early May 2024, highlights the devastating impact of ransomware on patient care within the healthcare sector. This breach occurred only months after the Change Healthcare breach, which caused unprecedented disruption to the healthcare sector. The Ascension breach caused widespread disruptions, forcing the healthcare provider to take certain systems offline, including electronic health records (EHRs), phone systems, and systems for ordering tests and medications.
The ransomware attack, attributed to the Black Basta group, led to severe operational challenges. With key systems down, Ascension had to divert ambulances from several hospitals to ensure emergency cases could be triaged promptly at unaffected facilities. This redirection of emergency services increased response times and placed additional strain on neighboring healthcare providers. Elective procedures, tests, and appointments were postponed, significantly disrupting routine patient care.
One of the most critical impacts was on patient safety and care continuity. Healthcare staff were forced to rely on manual processes, which are less efficient and more prone to errors. The lack of access to EHRs meant that clinicians could not easily access patient histories, lab results, or medication records, potentially leading to delays in diagnosis and treatment. Patients were asked to bring physical copies of their medication lists and symptom notes to appointments to mitigate the disruption, highlighting the significant burden placed on both patients and healthcare providers.
Ascension now faces multiple class action lawsuits from patients affected by the breach. These lawsuits allege that Ascension failed to adequately protect patient data and ensure the resilience of their systems against cyberattacks. In particular, the class action lawsuits claim that Ascension failed to encrypt patient data, leaving it vulnerable to hackers. These legal challenges underscore the long-term ramifications of the breach, both for the organization and its patients.
This breach reinforces the vulnerability of the healthcare sector to cyberattacks and the profound implications for patient care. The incident at Ascension demonstrates that beyond the immediate financial and operational disruptions, ransomware attacks can compromise patient safety, delay medical treatments, and increase the risk of adverse health outcomes. It highlights the urgent need for healthcare organizations to strengthen their cybersecurity defenses to protect against such threats and ensure the continuity of critical health services.
Conclusion
The current state of cybersecurity is insufficient to protect against sophisticated threats like Black Basta. The Ascension breach is a stark reminder that traditional approaches to cybersecurity are no longer adequate. To effectively combat ransomware and other cyber threats, organizations must adopt innovative technologies and strategies.
One of the biggest risk vectors organizations face is third-party risk. It is critical that organizations incorporate attack surface monitoring and AI into their vendor risk management programs. By continuously monitoring the security posture of vendors, organizations can identify vulnerabilities before they are exploited by attackers.