Ascension Data Breach Exposes 5.6M Records, Including SSNs and Medical Info
US healthcare behemoth Ascension has endured a substantial data breach, impacting roughly 5.6 million individuals. The breach, suspected to be the handiwork of the ransomware group Black Basta, transpired after an employee inadvertently downloaded a malicious file, likely via a phishing attack.
The incident was uncovered on May 8, 2024, with Ascension swiftly enlisting cybersecurity experts to probe the matter. Compromised data includes personal particulars such as names, dates of birth, addresses, Social Security numbers, and drivers' licenses, alongside medical intelligence like medical record numbers, dates of service, types of lab tests, or procedure codes. Financial details, including credit card information or bank account numbers, were also laid bare. The breach resulted in ambulance reroutes and delayed patient appointments. Ascension is alerting affected individuals via email and providing credit monitoring, insurance reimbursement, and ID theft recovery services.
The root cause of the incident was an employee's accidental acquisition of a malicious file, hinting at a phishing attack. Although the ransomware group Black Basta is suspected, affirmation is still outstanding. Ascension identified the unauthorized activity on May 8, 2024, and promptly launched an investigation. The breach has compromised sensitive personal, medical, and financial data of approximately 5.6 million individuals.
