Skip to main content
Bridge Michigan
Michigan’s nonpartisan, nonprofit news source

Cyberattack on Ascension Michigan, other sites, began with ‘honest mistake’

Hospital sign
Ascension hospitals in Michigan have been forced to rely on manual systems and postpone services at times since the cyberattack first detected May 8. (Bridge file photo by Brayan Gutierrez)
  • In its latest ransomware update, Ascension said its systems were breached accidentally when an ‘individual’ working at a site downloaded what they thought was a harmless file
  • The hospital system is offering patients free credit monitoring
  • The cyberattack was first detected on May 8 and disruptions continue

The cyberattack that has hobbled Ascension hospitals in Michigan and elsewhere for more than a month was caused when an “individual” working at one of the Ascension sites “accidentally downloaded a malicious file that they thought was legitimate,” the Catholic health behemoth reported Wednesday.

“We have no reason to believe this was anything but an honest mistake,” Ascension reported.

The download enabled attackers “to take files from a small number of file servers used by our associates primarily for daily and routine tasks” — specifically seven of 25,000 servers — the hospital chain reported.

And that, in turn, put at risk files containing “Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals, although the specific data may differ from individual to individual,” the chain reported, noting “progress” in the investigation.



As of Tuesday, Ascension had restored access to electronic health records in several states and regions. That included four Michigan sites within the Genesys (Flint area), Rochester, Saginaw, and Tawas City markets.

Beyond that, Ascension provided few details about the initial breach.

It’s not clear if the person who downloaded the files was staff, a contractor or a visitor doing work unrelated to the hospital systems, for example. And while Ascension has acknowledged the attack as “ransomware,” it has not said whether it paid the ransom, nor has the attacker or attacking organization been identified.

    Ascension Michigan has repeatedly declined requests for Bridge interviews since the breach. Rather, it has updated patients through a national page here and a page for Michigan patients here.

    It’s also unclear how long it may take to fully restore systems. Earlier this month, Ascension reported a “turning point in our response efforts” in Florida, Alabama and Austin markets.

    Credit-monitoring offer

    The St. Louis-based chain also sought to reassure patients that their personal information may still be safe, even as it extended an offer of credit monitoring services and identity theft protection services.

    (Patients can enroll in the credit monitoring and identity theft protection services at 1-888-498-8066.)


    “Importantly, we have no evidence that data was taken from our Electronic Health Records (EHR) and other clinical systems, where our full patient records are securely stored,” it said in its national update.

    Ascension Michigan hospitals continue to face “ongoing disruption to normal systems” but offices and “care sites” remain open and “all scheduled appointments are proceeding as planned,” Ascension reported in a separate update for Michigan patients.

    Patients “may encounter longer than usual wait times and some delays,” it reiterated, advising them to “bring notes on symptoms and a list of current medications, including prescription numbers or bottles.”

    Some electronic health records and patient portals remain inaccessible, as well as some phone systems and systems used to order “certain tests, procedures and medications.”

    Ascension has been forced to pivot from computers to paperwork at times after a cyberattack breached its systems May 8. That’s when Ascension “detected unusual activity on select technology network systems” — a cybersecurity event that later changed to the more specific term, “ransomware.”

    How impactful was this article for you?

    Michigan Health Watch

    Michigan Health Watch is made possible by generous financial support from:

    Please visit the About page for more information, and subscribe to Michigan Health Watch.

    Only donate if we've informed you about important Michigan issues

    See what new members are saying about why they donated to Bridge Michigan:

    • “In order for this information to be accurate and unbiased it must be underwritten by its readers, not by special interests.” - Larry S.
    • “Not many other media sources report on the topics Bridge does.” - Susan B.
    • “Your journalism is outstanding and rare these days.” - Mark S.

    If you want to ensure the future of nonpartisan, nonprofit Michigan journalism, please become a member today. You, too, will be asked why you donated and maybe we'll feature your quote next time!

    Pay with VISA Pay with MasterCard Pay with American Express Pay with PayPal Donate Now