- How to clear your TV cache (and why you shouldn't wait to do it)
- I gave my Android phone thermal vision superpowers with this accessory
- My favorite 12-in-1 electric screwdriver is the only one you'll need - and it's on sale
- This large-screen Samsung tablet left me with no iPad Pro envy - and it's up to $800 off
- This TCL Mini LED is the TV deal I recommend to most people - especially at up to $800 off
Ransomware Attack Exposes Data of 5.6 Million Ascension Patients
Around 5.6 million individuals have had their sensitive personal, medical and financial information breached as a result of a ransomware attack on US healthcare giant Ascension.
The company shared the extent of the data breach in a filing to the Office of the Maine Attorney General on December 19.
Following an investigation, Ascension discovered that the attackers obtained copies of files containing the personal information of its patients and employees.
This information included:
- Personal details, including names, dates of birth, addresses, Social Security numbers and drivers’ licenses’
- Medical information, including medical record numbers, dates of service, types of lab tests, or procedure codes
- Financial details, including credit card information or bank account number
The type of information accessed varied by individual, Ascension said.
However, there is currently no evidence that data was taken from its Electronic Health Records (EHR) and other clinical systems, where full patient records are stored.
The non-profit healthcare provider, which operates 140 hospitals across the US, is in the process of emailing data breach notification letters to the impacted individuals, which will be delivered over the next two to three weeks.
Ascension has also arranged to offer impacted individuals 24 months of credit and CyberScan monitoring, a $1m insurance reimbursement policy and fully managed ID theft recovery services through IDX.
Black Basta Blamed for Ascension Attack
Notorious ransomware-as-a-service (RaaS) group Black Basta was reportedly behind the May 2024 attack, although this has not been confirmed.
The incident caused ambulances to be diverted and patient appointments being postponed.
Read now: Healthcare Hit by a Fifth of Ransomware Incidents
Ascension said that upon detecting unauthorized activity on its systems on May 8, it initiated an investigation with third-party cybersecurity experts.
The firm also reported the incident to law enforcement and government partners, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
In June, Ascension revealed that the ransomware attackers gained access to its systems after an employee accidently downloaded a malicious file, suggesting the root case of the incident was a phishing attack.
