Ascension Health, one of the biggest healthcare systems in the United States, has disclosed a substantial breach of data security that may impact approximately 5.6 million patient records, encompassing patients and staff.
The organization announced that unapproved activity was identified on its technology systems earlier this year, prompting quick action to look into and alleviate the consequences of the event.
The incident took place on May 7 and 8, 2024, when a cybercriminal successfully breached Ascension’s technology systems during a ransomware attack.
After realizing the breach on May 8, Ascension launched an inquiry with the assistance of leading cybersecurity specialists and informed the relevant law enforcement bodies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
The probe unveiled that the cybercriminal accessed and copied files containing sensitive personal details.
The data that was accessed involves a breach of highly sensitive personal details. Here is a brief analysis of the types of data breached and potential repercussions:
The investigation uncovered that the cybercriminal accessed and copied files containing sensitive personal data, such as:
- Payment Information (credit card details, billing information)
- Personal Identifying Information (PII)
- Names
- Addresses
- Dates of Birth
- Government Identification Numbers (e.g., Social Security, Driver’s License, Passport)
- Medical Histories
- Insurance Data
- Medicaid/Medicare ID
- Policy identifiers, or insurance claims
Response and Protective Measures
Ascension Health acted promptly to address the breach. Alongside launching a thorough investigation, the organization enforced upgraded monitoring and security measures to protect its systems from potential future incidents.
The healthcare system also endeavored to recognize affected individuals and is presently in the process of notifying them.
To minimize potential risks, Ascension is extending 24 months of free identity protection services to affected individuals through IDX, a trusted leader in identity recovery and privacy safeguarding.
These services cover credit and CyberScan monitoring, a $1 million insurance reimbursement policy, and fully managed identity theft recovery assistance.
Notifications to approximately 658 Maine residents affected by the breach are being dispatched via the United States Postal Service starting on December 19, 2024.
Ascension expressed remorse over the event and the inconvenience it may create. Impacted individuals are advised to take actions to safeguard their personal data.
Ascension has furnished detailed instructions on how to enroll in the complimentary identity protection services and provided additional advice on protecting sensitive data.
Affected individuals are encouraged to keep a close eye on their financial and medical accounts for any dubious activities.
Enrolling in the IDX services can further contribute to shielding against identity theft or misuse of personal information. Ascension’s alert letters contain an enrollment code and comprehensive instructions on how to activate these services.
For individuals seeking further details or assistance, Ascension has shared contact information in its breach notification statement.
Ascension Health stressed its dedication to protecting the privacy and security of its patients and employees. The organization has implemented enhanced cybersecurity measures and guidelines to avert similar incidents in the future.
This data security breach underscores the escalating danger of cyberattacks targeting healthcare systems. Ascension Health’s proactive measures in informing affected individuals and offering protective measures illustrate its commitment to assisting and shielding those affected.
The post Ascension Health Hacked – Ransomware Attack Compromised 5.6 Million Patients Data appeared first on Cyber Security News.