Ascension discloses new data breach after third-party hacking incident

​Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. Even though the breach notifications didn't include any information regarding the total number of patients who had their data exposed in this breach, the healthcare system said in an April 28 filing with Massachusetts' Office of the Attorney General that 96 MA residents were affected and had their medical records and SSNs exposed in the incident. While the company didn't share any additional details regarding the breach impacting its former business partner, the timeline of the breach implies the attack was part of a series of Clop ransomware data theft attacks that exploited a zero-day flaw in Cleo secure file transfer software. Last year, Ascension notified nearly 5.6 million patients and employees that their personal and health data had been stolen in a May 2024 Black Basta ransomware attack. Ascension now offers two years of free identity monitoring services, including credit monitoring, fraud consultation, and identity theft restoration to those affected by this data breach. We immediately initiated an investigation to determine whether and how a security incident occurred," Ascension says in data breach notifications sent to affected individuals. Depending on the impacted patient, the attackers gained access to a combination of personal information, including name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers (SSNs). They could also access personal health information related to inpatient visits, including the physician's name, admission and discharge dates, diagnosis and billing codes, medical record number, and insurance company name. After the incident, Ascension revealed that the ransomware breach resulted from an employee who downloaded a malicious file onto a company device. "On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 30 Apr 2025 13:25:27 +0000


Cyber News related to Ascension discloses new data breach after third-party hacking incident

Ascension Cyber Attack Leaves Healthcare Sector Reeling - On May 9, Ascension, the largest nonprofit and Catholic health system in the United States, announced that it fell victim to a major cyber attack. The attack on Ascension is different since it directly impacts clinical operations across multiple ...
11 months ago Securityboulevard.com Black Basta
Ascension discloses new data breach after third-party hacking incident - ​Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. Even ...
6 hours ago Bleepingcomputer.com Black Basta
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
6 months ago Aws.amazon.com
What is digital forensics and incident response? - Digital forensics and incident response is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. As the acronym implies, DFIR integrates digital forensics and incident ...
1 year ago Techtarget.com
Health Care Network in Crisis: Cyberattack Shuts Down Operations Across US - In a statement released Thursday evening by Ascension Hospital, a nonprofit network based in St. Louis with 140 hospitals across 19 states, it was also reported that electronic health records, some phone systems, as well as several systems used to ...
11 months ago Cysecurity.news Black Basta
Incident Response Plan: How to Build, Examples, Template - A strong incident response plan - guidance that dictates what to do in the event of a security incident - is vital to ensure organizations can recover from an attack or other cybersecurity event and minimize potential disruption to company ...
1 year ago Techtarget.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com
New Microsoft Incident Response team guide shares best practices for security teams and leaders - The incident response process can be a maze that security professionals must quickly learn to navigate-which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it. ...
1 year ago Microsoft.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
How to Conduct Incident Response Tabletop Exercises - An incident response tabletop exercise is an activity that involves testing the processes outlined in an incident response plan. Attack simulations are run to ensure incident response team members know their roles and responsibilities - and whether ...
1 year ago Techtarget.com
Ascension Healthcare Hacked via Third-party Business Partner - Ascension Healthcare, one of the largest private healthcare systems in the United States, has disclosed a significant data breach after sensitive patient information was compromised through a third-party business partner. The incident, which affects ...
5 hours ago Cybersecuritynews.com
Fidelity Faces Second Data Breach Linked to Third-Party Provider: Infosys McCamish - Fidelity Investments Life Insurance Company faces another data breach challenge as it discloses a breach affecting a significant number of individuals. The breach, linked to third-party service provider Infosys McCamish, heightens worries over data ...
1 year ago Cysecurity.news
Ascension suffers Cyber Attack - Ascension, a provider of services related to hospital care and senior living facilities, has released an official statement acknowledging a cyber-attack on its IT network. The exact nature of the incident has yet to be disclosed, but unofficial ...
11 months ago Cybersecurity-insiders.com Ransomhub
4 key steps to building an incident response plan - In this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses the components of an effective security incident response strategy and how they work together to ensure organizations can address cybersecurity issues. An ...
9 months ago Helpnetsecurity.com
AvidXchange Notifies Consumers of Data Breach Following Period of Unauthorized Access - On October 13, 2023, AvidXchange, Inc. filed a notice of data breach with the Attorney General of Massachusetts after discovering that a recent cybersecurity event resulted in an unauthorized party being able to access the company's IT network. In ...
1 year ago Jdsupra.com
EasyPark discloses data breach that may impact millions of users - Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users. EasyPark is a Swedish company that creates mobile and web apps ...
1 year ago Bleepingcomputer.com
Forward Bank Notifies 46,019 Customers of Recent Data Breach - On November 17, 2023, Forward Bank filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access certain files on the company's computer network. In this notice, Forward Bank explains ...
1 year ago Jdsupra.com
Dakota Eye Institute Files Notice of Data Breach Affecting More Than 107k Individuals - On October 23, 2023, the Dakota Eye Institute filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that patients' personal information was compromised following a cyberattack. ...
1 year ago Jdsupra.com
Neurosurgeons of New Jersey Confirms Cyber Attack Resulting in Recent Data Breach - On December 4, 2023, Neurosurgical Associates of New Jersey filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering. In this notice, Neurosurgeons of New Jersey explains that an ...
1 year ago Jdsupra.com
Citrin Cooperman Advisors Files Notice of Data Breach Following Cyberattack - On November 6, 2023, Citrin Cooperman Advisors LLC filed a notice of data breach with the Attorney General of Vermont after discovering a recent cyberattack targeting the company's computer network. In this notice, Citrin Cooperman explains that the ...
1 year ago Jdsupra.com
Crum & Forster Notifies Nearly 14k Consumers of Recent Data Breach Leaking Their SSNs - On October 9, 2023, Crum & Forster filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to access the company's computer network. In this notice, Crum & Forster explains that the ...
1 year ago Jdsupra.com
How to create an incident response playbook - Creating and maintaining an incident response playbook can significantly improve the speed and effectiveness of your organization's incident response. To help, here's a crash course on what incident response playbooks are, why they are important, how ...
1 year ago Techtarget.com
Nurses at Ascension hospital in Michigan raise alarms about safety following ransomware attack - A nurses union in Michigan is demanding the implementation of safety precautions following weeks of chaos due to a ransomware attack on Catholic hospital network Ascension. In a petition directed at Ascension CEO Joseph Impicciche and several other ...
11 months ago Therecord.media
Prudential Financial data breach impacted over 2.5M individuals - Prudential Financial data breach impacted over 2.5 million individuals. Keytronic confirms data breach after ransomware attack. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a ...
9 months ago Securityaffairs.com Cactus Ransomhub
A Heimdal MXDR Expert on Incident Response Best Practices and Myth Busting - I got to talk to Dragoș Roșioru, a seasoned MXDR expert, about incident response best practices and challenges. Get an in-depth understanding of the do's and don'ts in incident response as Dragoș explains how to avoid the most common mistakes ...
1 year ago Heimdalsecurity.com

Cyber Trends (last 7 days)