Thought Leadership
The American healthcare provider Ascension has confirmed that sensitive data of around 5.6 million people was compromised in a ransomware incident in May 2024. The information affected includes both patient and employee data.
The cyberattack on May 8 caused massive disruption to hospital operations. Many facilities had to resort to emergency protocols and redirect patients to other clinics. It was not until mid-June that the Group was able to get most systems back up and running. As CNN reports, citing several sources, the ransomware group Black Basta is believed to be behind the attack. However, no group has yet publicly claimed responsibility for the attack – which, according to experts, indicates that a ransom may have already been paid. Ascension is a non-profit organization that operates one of the largest healthcare systems in the US, with several hundred hospitals and around 40 retirement homes.
Sensitive health data affected
As Ascension announced in an updated press release on December 19, a wide range of personal data was stolen in the attack. This included names, addresses, dates of birth, social security numbers and driver’s license data. Medical information and insurance data also fell into the hands of the attackers.
“The type of data compromised varies from person to person,” says the notification letter to those affected, which is also available to the Maine Attorney General’s Office. The non-profit group, which operates one of the largest healthcare systems in the USA with hundreds of hospitals, intends to inform those affected in writing over the next two to three weeks.
Response and protective measures
As compensation, Ascension is offering those affected one year’s free monitoring of their credit data and identity protection services. These also include an insurance policy for 1 million US dollars.
The incident is one in a series of cyberattacks on the US healthcare system and once again underlines the vulnerability of critical infrastructure to ransomware attacks.
