Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack

U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10.

In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross cybersecurity negligence” that left critical infrastructure vulnerable. He cited the 2024 ransomware attack on Ascension, one of the country’s largest nonprofit health systems, which forced hospitals to suspend surgeries and compromised data belonging to more than 5 million patients.

Sen. Wyden said his office’s review found the breach began after a contractor using Microsoft’s Bing search engine clicked on a malicious link, inadvertently downloading malware. Hackers then gained access to Ascension’s network by exploiting a weak encryption protocol called RC4, which remains enabled by default on Windows computers, Bloomberg reported.

A Microsoft spokesperson told Bloomberg the company has discouraged use of RC4 and that it accounts for a small share of its traffic. Microsoft plans to disable the technology by default in new installations of its Active Directory software starting in 2026.

The FTC declined to comment, Bloomberg reported. Ascension also did not respond to the publication’s requests for comment.

The post Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack appeared first on Becker’s Hospital Review | Healthcare News & Analysis.