In May, a significant ransomware attack targeted Ascension, a major U.S. healthcare organization operating over 140 hospitals and numerous senior living facilities. This breach compromised the personal and sensitive health information of approximately 5.6 million patients, as revealed in a recent filing with Maine’s attorney general.

The cyberattack led to extensive disruptions within the hospital network. Staff reported distressing lapses in healthcare services, including delayed or misplaced lab results and medication errors, highlighting the profound impact on patient care.

The notorious Black Basta gang has been identified as the perpetrators behind this attack. They managed to acquire a vast array of sensitive data, encompassing:

• Medical information: dates of service, lab tests, procedure codes
• Financial details: credit card and bank account numbers
• Personal identifiers: patient names, addresses, dates of birth
• Identity documents: driving licenses and passports

“The Ascension hack stands as the third-largest healthcare-related breach of 2024,” according to the Department of Health and Human Services’ data breach investigations list.

Department of Health and Human Services

This incident serves as a stark reminder of the vulnerabilities within healthcare systems and underscores the need for robust cybersecurity measures to protect sensitive patient information.