Cybercriminals Target Dell Technologies, Ascension

Numerous Ascension systems remain unavailable.

Edward Gately, Senior News Editor

May 10, 2024

Dell Technologies and Ascension, the largest Catholic hospital chain in the United States, both reported cyberattacks this week.

A threat actor claims to have stolen Dell Technologies customers' information, while Ascension said its clinical operations have been disrupted. Investigations into both data breaches are ongoing.

Dell Technologies sent us the following statement:

“We recently identified an incident involving a Dell portal with access to a database containing limited types of customer information including name, physical address and certain Dell hardware and order information. It did not include financial or payment information, email address, telephone number or any highly sensitive customer data. Upon discovering this incident, we promptly implemented our incident response procedures, applied containment measures, began investigating and notified law enforcement. We have also engaged a third-party forensics firm to investigate this incident. We continue to monitor the situation and take steps to protect our customers’ information. Although we don’t believe there is significant risk to our customers given the type of information involved, we are taking proactive steps to notify them as appropriate.”

According to Daily Dark Web, a threat actor attempted to sell a Dell Technologies database on the Breach Forums hacking forum on April 28. The threat actor said they stole data from the computer maker for "49 million customer and other information systems purchased from Dell between 2017-2024."

What's Behind Data Breaches

Narayana Pappu, Zendata’s CEO, said approximately 20% of data breaches are due to security misconfiguration, and only 44% of exposed data is encrypted.

“Dell's data breach takes advantage of both,” he said. “Pentesting and data classification/management with encryption would have easily prevented this from happening, costing the company a couple of million dollars to remediate beyond brand and revenue impacts.”

Agnidipta Sarkar, vice president of CISO advisory at ColorTokens, said that because the data supposedly contains information about systems purchased from Dell between 2017-2024, along with personal information such as full names, addresses, cities, etc., it becomes a potential attack vector for someone who can correlate this information with other publicly available information.

“This can then be used to commit fraud or fool individuals with an intent to earn money, especially because today we are seeing AI and deep fakes that could result in the loss of someone’s lifelong savings,” he said. “This could result in litigation due to privacy violations, and depending on how much the information is misused, it could lead to unwanted legal exposure for Dell.”

Could this have been prevented? Sarkar said yes and no.

“Everyone in the security community would tend to find fault with the teams handling the cause and impact of the breach, but in reality, only those who are in the middle of this breach know really how this could have been prevented,” he said. “However, generically, with micro segmentation capabilities available today, it is possible to contain this kind of attack even if an initial access has been made.”

Ascension Cyberattack

Ascension said that on May 8 it detected unusual activity on select technology network systems, which it has determined is a cybersecurity event.

“Systems that are currently unavailable include our electronic health records system, MyChart (which enables patients to view their medical records and communicate with their providers), some phone systems, and various systems utilized to order certain tests, procedures and medications,” Ascension said in its latest statement. “We have implemented established protocols and procedures to address these particular system disruptions in order to continue to provide safe care to patients. Out of an abundance of caution, however, some non-emergent elective procedures, tests and appointments have been temporarily paused while we work to bring systems back online. Our teams are working directly with any patient whose appointment or procedure will need to be rescheduled. We understand the frustration this may cause and sincerely regret any inconvenience to our patients.”

Due to downtime procedures, several hospitals are currently on diversion for emergency medical services in order to ensure emergency cases are triaged immediately, it said.

Ascension Attack ‘Sounds Like Ransomware’

John Bambenek, president of Bambenek Consulting, said this attack “sounds like ransomware to me, which very quickly moves medical care back to paper charting.”

“Several regional hospital and medical chains have seen similar happen to them in recent months as several ransomware groups are targeting these types of organizations,” he said. “Some of these organizations become ‘repeat customers’ of ransomware groups, which suggests a degree of complacency has set in and a mentality that there is little that can be done to prevent it, so managing the risk with a combination of insurance, paper charting and acceptance of the increase in mortality rates for hospitals enduring these attacks is an increasingly typical approach. As a result, the only entities that can really enforce change are the cyber insurance companies, who can place terms on renewing policies or what needs to be done after a breach. Until there is an entity like the Cyber Safety Review Board looking at these incidents at hospitals and using regulatory power to enforce cultural change, patients and medical staff will just have to endure cyclical misery.”

Ascension Attack Highlights Potential Vulnerabilities

Callie Guenther, cyber threat research manager at Critical Start, said the cybersecurity incident involving Ascension reveals several intelligence implications crucial for understanding both this specific event and broader cybersecurity threats to the health care sector.

“Insights into the types of cybersecurity threats faced by organizations like Ascension help in understanding the tactics, techniques and procedures used by attackers,” she said. “This incident highlights potential vulnerabilities in network systems of large health care providers, raising questions about their risk profiles. Ascension’s response, including engaging Mandiant and coordinating with authorities, provides a case study in incident response that can be analyzed for effectiveness. The readiness of Ascension's care teams to handle disruptions shows the importance of preparedness and contingency planning in critical sectors.”

Compliance with health care regulations like the Health Insurance Portability and Accountability Act (HIPAA), which mandates the protection of patient information, will be scrutinized, and any legal repercussions from compromised sensitive information could influence future regulatory actions, Guenther said.

“The incident emphasizes the importance of information sharing within the health care sector and with government agencies to improve defense mechanisms,” she said. “If attackers are from a foreign nation, this could affect global cybersecurity policies. Insights from this incident can inform long-term security strategies and influence resource allocation towards cybersecurity defenses in health care, enhancing preparedness for future challenges.”

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
