A recent cyberattack on healthcare giant Ascension has exposed the medical data of 5.6 million customers, according to a filing with the Maine attorney general’s office. This breach, which occurred on May 8, was the result of an employee inadvertently downloading a malicious file, believing it to be legitimate. While the organization has stated that there was no indication of malicious intent, the incident has raised concerns about the security of sensitive patient information.
After months of investigation with third-party experts, Ascension determined that sensitive data belonging to current and former patients, senior living residents, and employees was potentially exposed. The compromised information includes medical details such as medical record numbers, dates of service, lab test types, and procedure codes. Additionally, payment information, insurance details, government identification, and personal information such as addresses and dates of birth were also potentially involved in the breach.
Despite the breach, Ascension confirmed that its electronic health records and core clinical systems, where full patient records are stored, were not accessed during the attack. This is a critical reassurance for patients and employees of the healthcare giant.
This breach is part of a larger trend of cyberattacks targeting healthcare organizations. In 2024 alone, major breaches have been reported, including a cyberattack against Change Healthcare impacting 100 million people and a data breach at Kaiser Permanente affecting 13.4 million individuals. In response to these incidents, legislation such as the Health Care Cybersecurity and Resiliency Act is being proposed to strengthen cybersecurity defenses in the healthcare sector.
Tim Rawlins, senior adviser and director for security at cybersecurity consultancy NCC Group, emphasized the importance of implementing basic cybersecurity measures such as individual logins, multi-factor authentication, and secure systems to prevent future attacks. With the increasing prominence of cyberattacks and the risks associated with IoT medical devices, healthcare organizations must prioritize cybersecurity to protect sensitive patient data.
As the healthcare industry continues to face cybersecurity challenges, it is crucial for organizations like Ascension to invest in robust security measures to safeguard patient information and maintain trust in the healthcare system.
