In a recent update, Ascension has provided new details regarding the cyberattack on its systems that occurred earlier this year. The Ascension data breach, which first came to light in June, was the result of a malicious file being downloaded by an employee, allowing cybercriminals to access Ascension’s network.
Since then, the health system has been working diligently with third-party experts to investigate the scope of the data breach at Ascension and determine the extent to which patient and employee information was compromised.
New Details of June Ascension Data Breach
Ascension’s latest statement confirmed that after months of thorough investigation, the review of the compromised data is now complete. In their announcement, the health system stated, “Since the May ransomware attack, we have been working with third-party experts to investigate what individuals’ data may have been involved in this incident. That review of the data is now complete, and starting today, Ascension will begin the process of notifying individuals whose personal information was involved in this incident.”
While the full extent of the data breach at Ascension cannot be confirmed for each individual, it is believed that various types of sensitive information were exposed. This includes medical details such as medical record numbers, dates of service, types of lab tests, procedure codes, and payment information such as credit card numbers and bank account details. Additionally, information like Medicaid/Medicare IDs, insurance policy numbers, and government identification numbers, such as Social Security numbers, were also compromised.
Protective Measures and Notifications
Ascension reassured individuals that their Electronic Health Records (EHR) and other clinical systems, which house comprehensive patient data, were not affected by the attack. Importantly, there is no evidence to suggest that full patient records were stolen from these secure platforms.
To help mitigate potential damage from the Ascension cyberattack, the health system will offer complimentary credit monitoring and identity protection services to those affected. The company confirmed that individuals will begin receiving notification letters in the coming weeks, with a timeline of 2-3 weeks for all affected individuals to be informed. These letters will outline the necessary steps to enroll in the identity protection services.
Ascension’s update also emphasized the importance of continued vigilance. A representative from Ascension stated, “We are incredibly thankful for the continued support from our patients and the communities we serve. To our dedicated clinicians, thank you for your tireless efforts and commitment to both our patients and our organization.” They highlighted the collective resilience of Ascension’s employees and expressed deep gratitude for their contributions during this difficult time.
What Data Was Involved in the Ascension Cyberattack?
As Ascension continued its investigation into the cyberattack, it became clear that personal information from patients, senior living residents, and employees had been compromised. The data involved varies by individual, but it may include medical information (such as medical record number, dates of service, and procedure codes), payment information (including credit card or bank account numbers), insurance details (such as Medicaid/Medicare ID and policy numbers), and government identification (like Social Security numbers or driver’s license numbers).
Ascension has denoted that while the incident involved patient data, their core medical records, stored in Electronic Health Records (EHR), were unaffected. This detail is crucial as it ensures that patient care is not disrupted, and clinicians have continued to access medical histories and prescribe medications without interruption.
Credit Monitoring Services: How to Enroll
As part of its response to the Ascension data breach, Ascension is offering free credit monitoring services for affected individuals. Those who are notified can sign up for identity protection services through Ascension’s dedicated platform. Individuals can visit the official website or call (866) 724-3233 between 8:00 a.m. and 8:00 p.m. for assistance in enrolling.
For individuals who had previously enrolled in the credit monitoring service offered after the initial breach, Ascension confirmed that they could still take advantage of a new round of monitoring. This service will begin immediately upon enrollment and will be available for two years.
