Ascension, a prominent health system, has recently provided additional details about the cyberattack that targeted its systems earlier this year. The breach, which initially came to light in June, was traced back to an employee downloading a malicious file, granting cybercriminals access to Ascension’s network.
After months of intense investigation, Ascension has completed its review of the compromised data. The health system has confirmed that they are now prepared to notify individuals whose personal information was impacted by the breach. The compromised data is believed to include a wide array of sensitive information such as medical record numbers, dates of service, lab test types, procedure codes, and even payment details like credit card and bank account numbers. Additionally, Medicaid/Medicare IDs, insurance policy numbers, and government identification numbers like Social Security numbers were also compromised.
Despite the severity of the breach, Ascension reassured individuals that their Electronic Health Records (EHR) and other clinical systems remained unaffected by the attack. This means that comprehensive patient data housed in these secure platforms was not breached or stolen.
In response to the cyberattack, Ascension has taken proactive measures to mitigate potential harm to those affected. The health system will provide complimentary credit monitoring and identity protection services to individuals impacted by the breach. Notification letters will be sent out in the coming weeks to inform affected individuals, with a target timeline of 2-3 weeks to reach all affected parties. These letters will contain instructions on how to enroll in the identity protection services.
In their latest update, Ascension underlined the importance of remaining vigilant in the face of such cyber threats. They expressed gratitude towards patients, communities, and dedicated clinicians for their ongoing support and resilience during this challenging period.
Further investigation into the cyberattack revealed that personal data from patients, senior living residents, and employees had been compromised. The affected data varies by individual but may include medical information, payment details, insurance information, and government identification numbers. However, it was confirmed that the core medical records stored in EHR were not affected, ensuring continuity of patient care.
Individuals notified of the breach can enroll in the free credit monitoring services provided by Ascension. Enrollment can be done through the dedicated platform on Ascension’s website or by calling the assistance line during specified hours. Those who had previously enrolled in credit monitoring services after the initial breach can still benefit from a new round of monitoring, which will be active for two years upon enrollment.
As the investigation and response to the cyberattack continue, Ascension remains committed to addressing the breach’s impact and taking measures to safeguard the affected individuals’ information. The health system’s transparency and swift action in notifying and providing assistance to those affected demonstrate their dedication to maintaining data security and protecting their patients and employees.