- A large healthcare organization has disclosed a data breach
- Ascension was also hit by two significant breaches in 2024
- The latest incident could be linked to the Cl0p ransomware attack
One of the biggest private healthcare systems in the US, Ascension, has notified patients that personally identifiable information (PII) including health data, was stolen in a previously unannounced attack affecting a former business partner in December 2024.
The incident follows a previous ransomware attack in May 2024, in which the sensitive data of six million patients, forcing the company to take systems offline, divert ambulances, and pause elective care in some places.
“On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. We immediately initiated an investigation to determine whether and how a security incident occurred,” Ascension confirmed in its breach notification.
Sensitive data exposed
Attackers reportedly gained access to sensitive information including the name, address, phone number(s), email address, date of birth, race, gender, and Social Security number (SSN), and even clinical and healthcare related information of some patients, depending on the individual.
“Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner. We have since reviewed our processes and are working to implement enhanced measures to prevent similar incidents from occurring in the future,” the company confirmed.
This leaves anyone exposed at serious risk of social engineering attacks or identity theft, especially given that SSNs are involved. To assist anyone affected, Ascension is offering two years of free identity monitoring services including credit monitoring, fraud consultation, and identity theft restoration.
Although nothing is confirmed about the details of the incident, the timing and description of the incident suggest this could be linked to the Cl0p ransomware attack that abused a flaw in Cleo File Transfer software.
The group claimed 59 organizations were affected in the incident, so it’s certainly possible that Ascension is part of that list.
Via BleepingComputer
