Ascension Health, one of the largest health systems in the United States, has reported a significant data security breach that could potentially affect around 5.6 million patient records, including patients and employees.
The organization announced that unauthorized activity was detected on its technology systems earlier this year, prompting swift action to investigate and mitigate the impact of the incident.
The breach occurred on May 7 and 8, 2024, when a cybercriminal gained access to Ascension’s technology systems during a ransomware attack.
Upon discovering the breach on May 8, Ascension initiated an investigation with the help of leading cybersecurity experts and notified appropriate law enforcement agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
The investigation revealed that the cybercriminal accessed and obtained copies of files containing sensitive personal information.
The information you provided indicates a data breach involving highly sensitive personal information. Below is a brief analysis of the types of data compromised and potential impacts:
The investigation revealed that the cybercriminal accessed and obtained copies of files containing sensitive personal information, including:
- Payment Details (credit card numbers, billing information)
- Personal Identifiable Information (PII)
- Names
- Addresses
- Dates of Birth
- Government Identification Numbers (e.g., Social Security, Driver’s License, Passport)
- Medical Records
- Insurance Information
- Medicaid/Medicare ID
- Policy number, or insurance claim
Response and Protective Measures
Ascension Health acted swiftly to address the breach. In addition to launching a thorough investigation, the organization implemented enhanced monitoring and security protocols to safeguard its systems from potential future incidents.
The health system has also worked to identify affected individuals and is in the process of notifying those impacted.
To help mitigate the potential risks, Ascension is offering 24 months of free identity protection services to affected individuals through IDX, a trusted leader in identity recovery and privacy protection.
These services include credit and CyberScan monitoring, a $1 million insurance reimbursement policy, and fully managed identity theft recovery assistance.
Notifications to approximately 658 Maine residents impacted by the breach are being sent via the United States Postal Service beginning December 19, 2024.
Ascension expressed regret over the incident and the inconvenience it may cause. Affected individuals are encouraged to take steps to protect their personal information.
Ascension has provided detailed instructions on how to enroll in the complimentary identity protection services and offered additional guidance on safeguarding sensitive data.
Individuals impacted by the breach are urged to monitor their financial and medical accounts closely for any suspicious activity.
Enrollment in the IDX services can further aid in protecting against identity theft or misuse of personal information. Ascension’s notification letters include an enrollment code and detailed instructions on how to activate these services.
For individuals seeking more information or assistance, Ascension has provided contact details in its breach notification statement.
Ascension Health emphasized its commitment to protecting the privacy and security of its patients and employees. The organization has implemented enhanced cybersecurity measures and policies to prevent similar occurrences in the future.
This data breach highlights the growing threat of cyberattacks on healthcare organizations. Ascension Health’s proactive steps to notify affected individuals and provide protective measures demonstrate its commitment to supporting and safeguarding those impacted.
For More Interesting Daily Cybersecurity Stories, Follow us on LinkedIn, X and Google News