Black Basta Ransomware Attack Brought Down Ascension IT Systems: Report

On Friday, the nonprofit group Health-ISAC (Information Sharing and Analysis Center) issued an alert about the group, saying that Russia-linked Black Basta has ‘recently accelerated attacks against the healthcare sector.’

A cyberattack that affected clinical operations at St. Louis-based Ascension health system was perpetrated by Russia-linked ransomware group Black Basta, according to a report.

CNN, citing four sources, reported Friday that the group was responsible for the data breach at Ascension Wednesday.

On Friday, the nonprofit group Health-ISAC (Information Sharing and Analysis Center) issued an alert about the group, saying that Black Basta has “recently accelerated attacks against the healthcare sector.”

CRN has reached out to both Ascension and the U.S. Department of Health and Human Services, which has been aware of the group and issued its own alert in March 2023.


HHS said that Black Basta was initially spotted in early 2022 and is known for its double extortion attacks. The group not only executes ransomware but also exfiltrates sensitive data, operating a cybercrime marketplace where it publicly releases that data should a victim fail to pay a ransom.

“The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups,” the alert from HHS said.

According to one report from blockchain analytics firm Elliptic and cybersecurity risk-focused Corvus Insurance, Black Basta has, in less than two years, extracted more than $100 million from 329 organizations via ransomware schemes. Previous victims of its attacks include Dish Network, the American Dental Association, business process services firm Capita and tech firm ABB.

On Thursday, Ascension said that its electronic health records system was “currently unavailable” and that it was pausing some non-emergency elective procedures at its hospitals “out of an abundance of caution.”

Ascension, a nonprofit and Catholic health system with 140 hospitals in the U.S., said Wednesday that it initially detected “unusual activity on select technology network systems.” In an update Thursday, Ascension referred to the data breach as a “cybersecurity incident” and said that it was working “around the clock with internal and external advisors to investigate, contain, and restore our systems following a thorough validation and screening process.” The nonprofit had already said that it was using Mandiant to assist in the investigation and remediation process.

The health system said in its latest update that it did not have a timeline for restoring its system.