Ascension ransomware attack exposes data of 5.6Mn patients, employees
MISSOURI, UNITED STATES — Ascension, one of the largest healthcare systems in the U.S., has confirmed that a ransomware attack in 2024 compromised the personal data of approximately 5.6 million patients and employees.
The breach was disclosed in a report filed with federal authorities, with the health system announcing plans to notify affected individuals within the next two to three weeks.
The compromised data includes sensitive information such as medical records, Social Security numbers, birth dates, addresses, credit card and bank account details, and insurance policy numbers. However, Ascension reassured the public that “there remains no evidence that data was taken from our electronic health records and other clinical systems, where our full patient records are securely stored.”
Cyberattack disrupted healthcare operations for weeks
The ransomware attack, detected in May, caused significant disruptions across Ascension’s operations. System outages forced the cancellation of elective procedures and required emergency cases to be diverted to other facilities.
By June, Ascension had restored its electronic health record systems but acknowledged that some personal data may have been exposed during the incident.
In response to the breach, Ascension is offering credit monitoring and identity protection services to affected individuals. The organization is also working to strengthen its cybersecurity measures to prevent future attacks.
Healthcare industry faces surge in cybersecurity breaches
Ascension’s breach is part of a growing trend of cyberattacks targeting the healthcare sector. In 2024, healthcare organizations experienced hundreds of cyberattacks, with over 168 million individuals affected by reported breaches as of December.
Notable incidents this year include a Change Healthcare cyberattack in February that impacted a third of U.S. patient health records and a Kaiser Foundation Health Plan breach in April affecting 13.4 million individuals.
Experts warn that healthcare systems remain prime targets for cybercriminals due to their reliance on sensitive patient data and interconnected networks. The Ascension attack underscores the urgent need for robust cybersecurity protocols across the industry to safeguard critical systems and personal information from future threats.
Ascension’s commitment to rebuilding trust
As part of its recovery efforts, Ascension aims to reassure patients and employees by addressing vulnerabilities exposed by the attack. The health system’s proactive measures, including offering identity protection services and enhancing cybersecurity defenses, reflect its commitment to rebuilding trust amid rising concerns over data security in healthcare.
