Ascension hospitals hit by cyber disruption

Ascension said on May 9, 2024 that it had detected unusual activity on select technology network systems a day earlier and believed the disruption was caused by a cybersecurity event. The health system said it responded immediately, began an investigation and activated remediation efforts after the incident affected operations across its hospitals. Drug Topics reported the disruption hit both patient-facing services and back-end systems. Ascension is one of the largest nonprofit health systems in the United States, with hospitals and care sites across multiple states. ### What exactly did Ascension say was disrupted? Ascension said on May 9, 2024 that it had taken several systems offline “to protect them” and to safeguard patient information as it investigated the event. The company did not publicly detail the full scope of the outage in that initial update, but it said its care teams were trained for such interruptions and were working to continue delivering care. (about.ascension.org) Drug Topics reported that the disruption affected patient-facing services as well as internal systems, underscoring how a hospital cyber incident can reach scheduling, communications and administrative workflows at the same time. Ascension’s public update referred patients and partners to a dedicated cybersecurity event page for further notices. ### Why does this incident get discussed alongside Change Healthcare? (about.ascension.org) CMS said on March 6, 2024 that the Change Healthcare cyberattack had been felt across the health care sector, from pharmacies and hospitals to physician offices, and had affected some people’s ability to get care or prescriptions. The agency described the attack as a broad disruption to health care electronic data interchange and claims-related operations. (drugtopics.com) UnitedHealth Group said on March 7, 2024 that the Change Healthcare attack had hit “claims and payment infrastructure” across the U.S. health system. In an April 22, 2024 update, UnitedHealth said it was making progress restoring services while continuing to review impacted patient data and support affected people. ### How is Ascension’s disruption different from the Change breach? (cms.gov) Ascension’s May 2024 event was a direct disruption to one hospital system’s own network operations, while the Change Healthcare breach centered on a widely used clearinghouse and payment platform that connects insurers, pharmacies and providers. The difference matters because one incident can interrupt bedside and hospital workflows, while the other can choke off billing, claims submission and payment flows across many organizations at once. (unitedhealthgroup.com) That distinction is an inference drawn from the companies’ descriptions of the affected systems. CMS created temporary accelerated and advance payment measures in response to the Change attack, saying providers had experienced cash-flow disruptions after Change went offline in February 2024. The agency later said it was preparing to close that program after offering relief to Medicare providers and suppliers affected by the outage. ### What does Ascension’s later reporting show about the fallout? (about.ascension.org) Ascension said in its February 2025 financial results that same-facility patient volume had improved 5% to 6% since the cyber event and that key operational indicators were returning toward normal. That update suggested the effects of the spring 2024 disruption extended well beyond the initial outage window. (cms.gov) Ascension also said in May 2026 that some hospital safety-grade reporting had faced challenges stemming from the spring 2024 cyberattack. That disclosure showed the incident was still being cited in company materials two years later. ### Where should patients and providers look for the next update? Ascension’s May 9, 2024 notice told patients, clinicians and partners to monitor its cybersecurity event updates for new information as the investigation continued. (about.ascension.org) UnitedHealth Group maintains a separate Change Healthcare update page, and CMS has continued to post statements and guidance tied to the earlier attack’s effect on providers and claims processing. (about.ascension.org 1) (about.ascension.org 2)