AUSTIN, Texas — A former Ascension Seton patient is now suing Ascension following a cyberattack earlier this month.
The Hays County woman claims her information was compromised following the ransomware incident on May 8.
According to the lawsuit, the woman was a patient at Ascension Seton Williamson Hospital in Round Rock in 2023 and learned about the recent cybersecurity breach through the news.
What happened?
According to Ascension, hospital officials detected unusual activity due to a "cybersecurity event" on May 8. Ascension said its electronic health records and other systems used to order tests, procedures and medications were affected. In an update on Saturday, Ascension said the incident was a ransomware attack.
Ascension said it doesn't have a timeline to completely restore services and that multiple agencies, including the FBI, are investigating the attack.
While Ascension said the scope of the incident is still under investigation, the lawsuit claims Ascension's data and patient's personal information was not encrypted and was accessed by a Black Basta ransomware attack.
What is Black Basta?
According to the Cybersecurity & Infrastructure Security Agency (CISA), Black Basta is a ransomware-as-a-service (RaaS) variant that was first identified in April 2022. The CISA says Black Basta affiliates have targeted more than 500 industry and critical infrastructure entities, including health care organizations worldwide.
The RaaS business model lets a ransomware group sell its code or malware to hackers, who then use it to carry out their own attacks. According to IBM, ransomware attacks were the second most common type of cyberattack in 2022.
KVUE reached out to Ascension for an on-camera interview. The hospital system declined, but a spokesperson referenced a statement that said Ascension is working with a third-party expert to help investigate the security issue and has notified authorities.