Health Care Giant Ascension Says 5.6 Million Patients Affected In Cyberattack


An anonymous reader quotes a report from Ars Technica: Health care company Ascension lost sensitive data for nearly 5.6 million individuals in a cyberattack that was attributed to a notorious ransomware gang, according to documents filed with the attorney general of Maine. Ascension owns 140 hospitals and scores of assisted living facilities. In May, the organization was hit with an attack that caused mass disruptions as staff was forced to move to manual processes that caused errors, delayed or lost lab results, and diversions of ambulances to other hospitals. Ascension managed to restore most services by mid-June. At the time, the company said the attackers had stolen protected health information and personally identifiable information for an undisclosed number of people.

A filing Ascension made earlier in December revealed that nearly 5.6 million people were affected by the breach. Data stolen depended on the particular person but included individuals’ names and medical information (e.g., medical record numbers, dates of service, types of lab tests, or procedure codes), payment information (e.g., credit card information or bank account numbers), insurance information (e.g., Medicaid/Medicare ID, policy number, or insurance claim), government
identification (e.g., Social Security numbers, tax identification numbers, driver’s license numbers, or passport numbers), and other personal information (such as date of birth or address). Ascension is now in the process of notifying affected individuals. The organization is also offering two years of credit and fraud monitoring, a $1 million insurance reimbursement policy, and managed ID theft recovery services. The services became effective last Thursday. Further reading: Black Basta Ransomware Attack Brought Down Ascension IT Systems, Report Finds



Source link