The recent Ascension Healthcare cyberattack shines a bright light on the necessity of a layered approach to cybersecurity for businesses of all sizes and industries. On May 8th, 2024, the attack shut down vital systems in the multi-state healthcare provider's network—access to Electronic Health Records (EHRs), the MyChart patient platform, and various test-ordering systems.
While the investigation is ongoing, as of June 12th, Ascension has released an update on the situation. According to their press release, the breach occurred when an employee mistakenly downloaded a malicious file, allowing attackers to infiltrate the network. Some compromised files may contain Protected Health Information (PHI) and Personally Identifiable Information (PII). However, no evidence suggests data was taken from the securely stored Electronic Health Records (EHR) system.
In an informative interview with CBS News Detroit, our President of Brokerage, David, emphasizes several lessons from this incident that every business owner should consider to enhance their organization's cybersecurity and ensure its safety.
Here are the highlights:
First and foremost, businesses must get their arms around security across the board. Planting firm roots in cybersecurity takes a multifaceted approach: employee training, vigilant monitoring for malicious actors, implementing appropriate security controls, having an incident response plan, and staying abreast of advancements in threats. Each facet is crucial to a successful and proven cybersecurity strategy.
Employees are a critical defense against cyber threats for any organization, so businesses should prioritize cybersecurity education. Training should cover common scams like phishing and fake video/audio schemes, and it should adapt to the evolving landscape of cyber threats. Education should teach employees to promptly and accurately identify sophisticated phishing emails and other tactics.
In a vastly online society, we are overexposed and under-protected. Businesses must implement protective measures and be well-prepared with a clear action plan in the event of a cyberattack. Preparation means having a detailed incident response plan and ensuring all employees understand their roles and responsibilities.
AI has significantly raised the bar for cyberattacks. Gone are the days of scam emails littered with poor grammar and misspelled words. Free AI platforms like ChatGPT and Claude make it all too easy for threat actors of any skill level or language to create convincing emails. David emphasizes that every significant company will inevitably use artificial intelligence in some capacity. Therefore, businesses must understand AI, use it to their advantage, and stay updated on the latest threats, even if they do not perceive themselves as a prime target. Every business is a potential target.
Given the increasing frequency and sophistication of cyber threats, cyber insurance is a critical investment for all businesses to safeguard against potential financial losses and operational disruptions. Here’s why:
The Ascension cyberattack is a stark reminder of the vulnerabilities all businesses experience in the digital age. By implementing comprehensive security measures, training employees, staying proactive online, embracing AI, and investing in cyber insurance, business owners can better protect their organizations and navigate the complex landscape of cyber threats. Per David's expert advice — embrace, understand, and use these tools to your benefit to stay secure in an increasingly connected world.