- A large health organization has disclosed a data breach
- Ascension was also affected by two significant breaches in 2024
- The latest incident could be linked to the CL0P ransomware attack
One of the largest private health systems in the United States, Ascension, has informed patients that personally identifiable information (PII), including health data, was stolen in a previously undisclosed attack that affected a former business partner in December 2024.
The incident follows a previous ransomware attack in May 2024, which involved the sensitive data of six million patients and forced the company to take systems offline, divert ambulances and pause elective care in some places.
“On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. We immediately began an investigation to decide whether and how a security event happened,” Ascension confirmed in its breach notification.
Sensitive data exposed
Attackers reportedly gained access to sensitive information including name, address, telephone number(s), email address, date of birth, race, gender and Social Security number (SSN), and even clinical and health-related information for some patients, depending on the individual.
“Our investigation determined on January 21, 2025, that Ascension unintentionally revealed information to a former business partner, and some of this information was probably stolen from them due to a vulnerability in third-party software used by the former business partner. We have since reviewed our processes and are working to implement improved measures to prevent similar events in the future.”
This leaves anyone exposed at serious risk of social engineering attacks or identity theft, especially considering that SSNs are involved. To help anyone affected, Ascension is offering two years of free identity monitoring services, including credit monitoring, fraud consultation and identity theft restoration.
Although nothing is confirmed about the details of the incident, its timing and description suggest that it could be linked to the CL0P ransomware attack that exploited a flaw in Cleo file transfer software.
The group claimed that 59 organizations were affected in the incident, so it is certainly possible that Ascension is part of this list.
Via BleepingComputer