How weak passwords and other failings led to catastrophic breach of Ascension

A deep-dive into Active Directory and how "Kerberoasting" breaks it wide open.

See full article...

 

[imikem]

I worked at Ascension some 5-7 years ago. We were migrating their network core from within several hospitals to a pair of standalone data centers. Tons of work. We stood up segmentation, new firewalls and VPN access. I accepted a position with a different company much closer to home, better pay and benefits (gee, tough call there), but negotiated to stay on at Ascension pending the project completion (since I didn't hate my overworked colleagues there).

I left when the second new data center went live. Within two months, Ascension completely abandoned the new network by selling one of the DC sites and terminating lease on the other. Also terminated all but the most junior IT staff and got some Indian outsourcing for systems and networking (they'd already got involved in some of the hospital LAN projects before I left, and after forming my opinion of them and through-the-grapevine murmurs this also figured into leaving).

All this is a long way of saying I am very disappointed, but not in the least shocked. Those guys did practically nothing except stick meaningless lines in open tickets, repeating the original subject for the next shift, who then did exactly the same.

I wouldn't trust those dipshits with an Etch a Sketch.

 

[imikem]

Ascension’s IT services and support went to shit when they offshored almost all IT jobs to an incompetent company based out of India.

I was a sysadmin for ascension from 2015 to 2020 when they fired everyone and even asked some of us to train our overseas replacements.

I came back as a contractor for a couple years after layoffs with 3 times the workload and a fraction the number of IT department members here in the states.

I sure hope ascension realizes their mistakes and re-shores the jobs in the US. I wonder if this ransomware incident could have been avoided if ascension hadn’t laid off nearly every competent IT employee.

<Waves> We overlapped there at some point then. Same experience I had, and shared above. Praying to God is not a security strategy.