In a major data breach disclosed recently, healthcare provider Ascension announced that sensitive information of 5.6 million patients was compromised during a ransomware attack in May 2023.
The cyberattack severely disrupted Ascension's operations, forcing the healthcare system to postpone elective procedures and redirect ambulances. Patient portals and medical files became inaccessible during the incident.
According to reports filed with the Maine Attorney General, the hackers gained access to highly sensitive patient data including:
- Medical record numbers
- Laboratory test results
- Credit card details
- Bank account information
- Medicare/Medicaid numbers
- Social Security numbers
- Passport information
- Home addresses
While Ascension has not officially named the perpetrators, previous media reports linked the attack to Black Basta, a Russian-speaking cybercrime group. It remains unclear whether Ascension paid any ransom to restore their systems.
The healthcare provider is currently notifying affected individuals through letters that will be sent over the coming weeks.
This incident follows another major cyberattack in the healthcare sector this year, where UnitedHealth paid $22 million in ransom after hackers compromised data of over 100 million people.
The breach highlights the growing cyber threats faced by healthcare organizations that maintain vast databases of sensitive patient information.