On June 6, 2023, Ascension posted a notice describing a “security incident” on its website after learning that a cyberattack at one of the company’s vendors resulted in leaked patient data. Based on the company’s post, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, addresses, email addresses, phone numbers, and insurance information. After confirming that consumer data was leaked, Ascension began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Ascension, it is essential you understand what is at risk and what you can do about it. Although the recent breach didn’t impact Ascension’s systems directly, it did affect patient information provided to the company. This is because hackers were able to breach the network of one of Ascension’s third-party vendors. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Ascension data breach, please see our recent piece on the topic here.
What We Know So Far About the Ascension Breach
News of the Ascension data breach is still fresh; however, what we know at this point comes from a June 6, 2023 post entitled “Texas Security Incident.” According to this source, on March 2, 2023, Ascension was notified by Vertex, a third-party vendor that managed several Ascension websites, that Vertex had experienced a data security incident. In response, Vertex launched an investigation into the incident in hopes of learning what, if any, patient data was leaked as a result.
The Vertex investigation confirmed that an unauthorized party was able to access the company’s network and encrypt certain files. Vertex was also able to determine that some of these files contained confidential patient information. While not all Ascension websites were impacted by the incident, information contained on any of the following legacy websites was affected: Providence.net, Seton.net, and DellChildrens.net.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Ascension, with the help of Vertex, began reviewing the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, address, email address, phone number, and insurance information. Ascension indicated that there may be other personal data leaked, as well.
On June 6, 2023, Ascension posted a notice on its website explaining the incident. In this post, Ascension notes that it has sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Ascension
Ascension is a faith-based healthcare organization based out of St. Louis, Missouri. The company is the world’s largest Catholic health system, as well as the largest non-profit health system in the United States. Ascension operates in 16 states, including Alabama, Florida, Georgia, Illinois, Indiana, Kansas, Kentucky, Maryland, Michigan, Missouri, Mississippi, New York, Oklahoma, Tennessee, Texas, Wisconsin and Washington, D.C. Ascension employs more than 139,000 people and generates approximately $28 billion in annual revenue.
