Ascension, a leading U.S. healthcare provider operating 140 hospitals and 40 senior care facilities, has disclosed a significant cybersecurity incident affecting 5.6 million patients and employees. The May 2023 breach, attributed to the Black Basta ransomware group, resulted in the theft of sensitive personal and health information.
Impact and Response
– 5,599,699 individuals affected
– Free 24-month IDX identity theft protection offered
– $1,000,000 insurance reimbursement policy provided
– Law enforcement and CISA notified
Compromised Data Includes:
– Medical information and records
– Payment details
– Insurance information
– Government IDs
– Personal identification data
Incident Details
The breach occurred on May 7-8, 2023, when an employee inadvertently downloaded malicious software. The attack disrupted critical systems including:
– MyChart electronic health records
– Communication systems
– Medical ordering systems
Operational Impact:
– Temporary switch to paper records
– Suspension of non-emergency procedures
– Emergency services diverted
– Limited system access
Black Basta Connection
The attack has been linked to the Black Basta ransomware group, which has:
– Collected over $100 million from 90+ victims
– Targeted multiple high-profile organizations
– Recently increased focus on healthcare sector attacks
Ascension, with $28.3 billion in revenue (2023), continues to address the incident’s aftermath while implementing enhanced security measures to prevent future breaches.