Cyber Liability

Lessons for Business Owners from the Ascension Cyberattack

Kendra Newley
4 min
June 17, 2024

The recent Ascension cyberattack offers a sobering reminder of how vulnerable businesses are in today's digital landscape—regardless of size or industry. On May 8, 2024, Ascension Healthcare, a major multi-state provider, experienced a ransomware incident that disrupted operations and compromised access to Electronic Health Records (EHRs), MyChart systems, and other critical platforms.

As of June 12, Ascension confirmed the breach originated from a malicious file downloaded by an employee. While no data was taken from its secure EHR system, files containing Protected Health Information (PHI) and Personally Identifiable Information (PII) may have been exposed. The ongoing investigation reinforces the importance of being prepared.

Here are five key lessons from the healthcare cyberattack that every business owner should understand.

Overview of the Ascension Cyberattack Incident

The Ascension data breach highlights how a single employee’s mistake—downloading a malicious file—can lead to widespread disruption. The attack impacted patient services, delayed operations, and raised serious concerns about data security.

This type of cyberattack case study underscores the need for strong internal controls, fast response protocols, and the right coverage to recover effectively.

Lesson 1: The Critical Importance of Incident Response Planning

An effective incident response plan is vital. Without clear protocols and trained personnel, even small breaches can escalate quickly. A comprehensive plan should include:

  • Defined roles and escalation procedures
  • Regular tabletop exercises and drills
  • Post-incident review and process improvement
  • Vendor and legal contacts for rapid mobilization

Quick detection and action can significantly reduce the damage and downtime of any cyber incident.

Lesson 2: Managing Third-Party and Vendor Risk

Ascension’s breach stemmed from a human error—but many healthcare and business breaches originate through vendors. Third-party risk management is essential in today’s interconnected digital ecosystem.

Steps to take include:

  • Conducting cybersecurity due diligence on vendors
  • Requiring contractual commitments for data protection
  • Monitoring for vendor-related threats
  • Using tools that assess external attack surface risks

Your security is only as strong as your weakest link.

Lesson 3: Ensuring Business Continuity and Resilience

The ability to keep operations running—or recover them quickly—makes a huge difference after a cyberattack. For sectors like healthcare, downtime can directly impact patient safety. Businesses need a tested business continuity plan that includes:

  • Secure, offsite backups
  • Cloud redundancies
  • Access to alternative systems or manual workarounds
  • Staff training for operational contingencies

This is central to preventing healthcare cyberattacks from becoming catastrophic.

Lesson 4: Clear Communication During a Crisis

Transparency matters. Ascension released timely public updates, helping manage public concern. Businesses should prepare clear messaging protocols for use during cyber incidents.

Strong crisis communication includes:

  • Notifying clients, employees, and partners quickly
  • Coordinating public relations and legal teams
  • Using internal comms to align your team
  • Complying with notification requirements under GDPR, HIPAA, or CCPA

Informed stakeholders are more likely to trust and support your recovery.

Lesson 5: The Need for Robust Cybersecurity Fundamentals

Even as threats become more sophisticated, basic cybersecurity fundamentals remain essential. This includes:

  • Regular employee training to recognize phishing attempts
  • Multi-factor authentication (MFA) on critical systems
  • Endpoint detection and monitoring
  • Network segmentation and least-privilege access policies

As Ascension’s experience shows, a single compromised device can impact an entire network.

The Role of Cyber Insurance in Recovery

Cyber insurance in healthcare and other industries is increasingly important. It not only covers response costs but also supports long-term resilience. Key features of modern cyber policies include:

  • Financial protection: Covers business interruption, legal fees, and system recovery
  • Data recovery support: Assists with restoring corrupted or stolen data
  • Regulatory fines: Covers penalties for non-compliance with data protection laws
  • Crisis management: Provides PR and communication experts to manage reputational fallout
  • Ransomware response: Helps with negotiation, payment, and threat actor coordination
  • Third-party breach coverage: Extends to incidents involving vendors or suppliers
  • Risk prevention services: Some policies include training, system scans, and pre-breach services

Cyber insurance ensures businesses are not alone when disaster strikes—and can help minimize the impact of future incidents.

Watch a CBS interview here to fully absorb the situation, its implications, and prevention strategies.

Contact Flow Specialty today to secure cyber insurance coverage that protects your business from the full spectrum of threats. Our expert brokers deliver fast, custom solutions built to respond to incidents like the Ascension cyberattack—so you can recover with confidence.

Frequently Asked Questions (FAQ)

What was a key takeaway from the Ascension cyberattack?

One major lesson is the importance of layered cybersecurity. A single employee's action opened the door to a major breach, emphasizing the need for employee training, strong controls, and rapid response plans.

How did third-party risk play a role?

Although the breach was internal, many similar incidents originate through third-party vendors. Managing external risks is a critical part of a business’s cybersecurity strategy.

What can businesses learn about incident response from this event?

A fast and coordinated response is key to mitigating damage. Having an incident response plan—and testing it—helps organizations react efficiently and communicate effectively under pressure.

Why are basic cybersecurity fundamentals still so important?

Despite advances in AI and threat sophistication, many breaches still occur due to basic mistakes—like clicking a malicious link. Fundamentals like MFA, phishing training, and access control remain essential.

How could cyber insurance help in a situation like the Ascension attack?

Cyber insurance could help cover investigation costs, restore lost data, mitigate legal and regulatory fallout, and support public relations. It provides critical financial and operational support during and after a breach.