Ascension cyberattack exposes data from 5.6 million people

Dive Transient:

Knowledge from practically 5.6 million individuals was uncovered attributable to a ransomware assault on nonprofit well being system Ascension this spring, in keeping with a report back to federal regulators.
The assault compromised private info from some present and former Ascension sufferers, senior residing residents and staff, the system mentioned on Thursday. Private particulars, medical info, fee info, insurance coverage particulars and authorities ID numbers, together with Social Safety numbers, may have been uncovered.
The breach is the third largest reported to the HHS’ Workplace for Civil Rights’ healthcare knowledge breach portal this yr, trailing solely incidents at Change Healthcare and Kaiser Basis Well being Plan.

Dive Perception:

Ascension, one of many nation’s largest nonprofit well being techniques, was hit by a ransomware assault in Might.

The assault took some essential expertise techniques offline, together with Ascension’s digital well being document system and affected person portal. Some services had been pressured to divert ambulances, and the well being system paused some elective care within the wake of the incident.

The assault additionally slammed Ascension’s backside line. The supplier posted a $1.1 billion web loss in its 2024 fiscal yr, noting its monetary enchancment from the earlier yr was considerably hamstrung by the cyberattack.

In June, Ascension reported that cybercriminals gained entry to its techniques after a employee by chance downloaded a malicious file, and that personally identifiable and guarded well being info could have been uncovered.

Now, the well being system has accomplished its assessment of what knowledge could have been compromised. Ascension is mailing letters to affected individuals, which needs to be delivered over the following two to a few weeks, the well being system mentioned in an replace Thursday.

Although affected person knowledge was concerned, Ascension mentioned it discovered no proof that knowledge was stolen from EHR and different scientific techniques, the place full affected person data are saved. 

The Ascension breach comes on the tail finish of a difficult yr for healthcare cybersecurity. The assault on UnitedHealth-owned expertise agency and claims processor Change disrupted the trade for weeks early this yr, and it uncovered knowledge from 100 million individuals — the most important healthcare breach ever reported to federal regulators. 

Different giant breaches in 2024 embody Kaiser Basis Well being Plan, which uncovered knowledge from 13.4 million present and former plan members, and well being advantages administrator HealthEquity, which impacted 4.3 million individuals.