💰💣

Ascension Security Incident

2024 630 days ago Resolved

Incident Overview

Situation Description

Ascension, a large healthcare system, experienced a significant ransomware cyberattack in 2024 that exposed the data of over 5.6 million patients and disrupted clinical operations.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Healthcare

Geographic Scope

National (US)

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Restored Systems from Secure Backups Engaged Third-Party Forensic Investigators Fulfilled Formal Breach Disclosure Obligations Notified Affected Individuals & Entities Offered Post-Breach Remediation Services Managed Public Narrative & Crisis Communications Revised Incident Response Plan

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

5,600,000

Data Types Compromised

PII (Personally Identifiable Information) PHI (Protected Health Information) Financial Data (Credit Cards, Bank Accounts) Government Data Credentials

Primary Impacts

Operational Disruption Data Exposure Financial Loss Reputational Damage Legal/Regulatory Penalties

Key Decisions Made

Ascension offered two years of free credit monitoring and identity theft protection services to affected patients.; Ascension worked with Mandiant to investigate and remediate the ransomware attack.; Ascension took critical electronic systems offline to contain the ransomware attack.

Technical Analysis

Attack Method

Phishing

Threat Actor Attribution

Black Basta

Additional Information

Blog Online safety education Published May 27, 2025 read Ascension data breach explained: what you should know about the Ascension cyberattack and multiple data breaches of 2024-2025 Mikalai Shershan Chief Technical Officer at Onerep Share Jump to section Ready to stop your personal information exposure? Remove your Name, DOB, Address, Phone Number, Property & Legal Records from 200+ Sites. Start a free 5-day trial Healthcare organizations are always at risk because of the massive amounts of personal, financial and medical data theyre storing. This data is incredibly valuable for cybercriminals, which makes the healthcare sector a common victim of ransomware attacks and data breaches . In recent years, several high-profile data breach incidents shook the industry. Change Healthcare, Kaiser Permanente, and Delta Dental have suffered data breaches that impacted millions of people. Among these, the Ascension data breach stands out as one of the biggest. In 2024, Ascension had a ransomware attack that exposed the data of over 5.6 million patients, followed by multiple non-related third-party data breaches that involved hundreds of thousands more. This article breaks down what happened, whos affected, and, most importantly, what patients should do to protect themselves. What is the Ascension data breach: understanding the incidents Ascension cyberattack: what actually happened Ascension, one of the largest private nonprofit healthcare systems in the U.S., suffered a large-scale ransomware cyberattack in 2024. The incident endangered the privacy of over 5.6 million Ascension patients and disrupted clinical operations at all hospitals. Timeline of the attack February 29th, 2024: According to Maines state attorney general , the initial breach occurred when an employee unknowingly downloaded a malicious file, which gave hackers a way into Ascensions network. From there, they launched a ransomware attack and deployed malware to encrypt files. The employee made an honest...

... (truncated for display)

Quick Facts

Company:: Ascension
Date:: 2024
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 27/05/2025

Source Information

Original Query

healthcare provider ransomware attack "patient data" "notification letter"

View Original Source

Timeline

Information Published

27/05/2025

Incident Occurred

2024 (630 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats