Healthcare provider Ascension has disclosed the sensitive information of 5.6 million patients that was compromised in a major cyberattack earlier this year.
The ransomware attack occurred in May and threw the company into chaos, patient portals and files were inaccessible, optional services were canceled, and some ambulances were diverted, according to a file filed with the Maine Attorney General reported by TechRadar. Ascension did not name the hackers, but CNN published reports indicating they were from a Russian-speaking cybercriminal organization known as Black Basta. It is unclear whether Ascension paid a ransom to bring the systems back online.
The hackers accessed the personal information of nearly 5.6 million Ascension patients such as medical record numbers and lab tests as well as credit card and bank account information. Insurance information, such as Medicare/Medicaid numbers, was also leaked along with personal information such as addresses, Social Security numbers and passport information.
Mashable Light Speed
Ascension is in the process of notifying those affected by the attack, as letters are delivered to the victims over the next few weeks.
Ascension wasn’t the only healthcare company hit by ransomware in 2024 — UnitedHealth paid hackers $22 million after being attacked earlier in the year, with more than 100 million people affected.