Ascension Data Breach: Over 430,000 Patients Affected in Cyber Attack

TL;DR

A data breach at Ascension, one of the largest private healthcare systems in the United States, exposed the personal and health information of over 430,000 patients. The breach, caused by a compromised former business partner, highlights the ongoing vulnerabilities in healthcare cybersecurity.

Main Content

Ascension Data Breach Exposes Personal Information of Over 430,000 Patients

Ascension, one of the largest private healthcare systems in the United States, recently notified patients of a significant data breach that exposed the personal and health information of over 430,000 individuals. The incident, which occurred in December 2024, was linked to a compromised former business partner.

Details of the Data Breach

The compromised data includes sensitive information such as:

  • Names
  • Contact information
  • Social Security numbers (SSNs)
  • Medical visit details

The specific information varies by individual, adding complexity to the breach’s impact.

Official Notification and Investigation

Ascension promptly initiated an investigation upon learning of the potential security incident on December 5, 2024. The investigation concluded on January 21, 2025, confirming that Ascension had inadvertently disclosed information to a former business partner. A vulnerability in third-party software used by this partner likely led to the data theft.

“On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. We immediately initiated an investigation to determine whether and how a security incident occurred.” - Data Breach Notification

Potential Cause of the Breach

While Ascension did not provide technical details, the breach is suspected to be linked to Clop ransomware attacks exploiting a Cleo file transfer software flaw [1].

Ascension’s Response

In response to the breach, Ascension is offering affected individuals two years of free identity monitoring services through Kroll. These services include credit monitoring, fraud support, and identity theft restoration.

Impact and Reporting

The healthcare organization reported that the incident impacted:

  • 114,692 individuals in Texas
  • 96 individuals in Massachusetts

Furthermore, a filing with the U.S. Department of Health & Human Services (HHS) on April 28 confirmed that the data breach affected a total of 437,329 individuals.

Previous Cybersecurity Incidents

This is not the first cybersecurity incident for Ascension. In May 2024, the organization was hit by a Black Basta ransomware attack that significantly disrupted hospital operations [2].

Conclusion

The Ascension data breach underscores the critical need for robust cybersecurity measures in the healthcare industry. As cyber threats continue to evolve, healthcare organizations must prioritize data protection to safeguard patient information and maintain trust.

References

  1. Security Affairs (2025). “Clop ransomware attacks exploiting a Cleo file transfer software flaw”. Security Affairs. Retrieved 2025-05-10.

  2. Security Affairs (2024). “Cyberattack hit Ascension healthcare”. Security Affairs. Retrieved 2025-05-10.

This post is licensed under CC BY 4.0 by the author.