Major Healthcare Data Breach Impacts Over 430,000 Patients Nationwide

Ascension Healthcare Hacked

Eye World Report – Cybersecurity News

Ascension, one of the largest private healthcare networks in the United States, has confirmed a significant data breach involving the sensitive information of more than 430,000 patients. The breach was tied to a third-party incident and came to light through regulatory filings in late April 2025.

The breach originated from a December 2024 event involving a former third-party vendor. A vulnerability in that partner’s file transfer software enabled threat actors to access data that Ascension had inadvertently disclosed. After months of internal investigation, Ascension determined on January 21, 2025, that the data had likely been stolen.

What Information Was Exposed?

According to the notification letters issued by Ascension, the exposed data varies by patient. In many cases, both personally identifiable information (PII) and protected health information (PHI) were compromised. The exposed records may include:

  • Full names, contact details, and birthdates
  • Race, gender, and Social Security numbers
  • Medical record numbers, diagnoses, and billing codes
  • Admission and discharge details
  • Insurance provider names and attending physician details

Geographic Scope of the Breach

While the company initially did not disclose the total number of affected individuals, filings have since clarified the extent. The breach impacted 114,692 individuals in Texas alone and additional residents in Massachusetts. A broader report filed with the U.S. Department of Health & Human Services shows a total of 437,329 affected individuals.

Likely Linked to Clop Ransomware Campaign

Although Ascension has not confirmed the attacker’s identity, the timeline and method suggest ties to the Clop ransomware group. That group exploited a zero-day flaw in Cleo’s secure file transfer platform, widely used by enterprise vendors. This attack pattern matches several incidents seen during late 2024.

A Pattern of Cyber Incidents

This is not the first major incident for Ascension. In May 2024, the organization suffered a Black Basta ransomware attack, which impacted over 5.6 million individuals. That breach stemmed from a malicious file downloaded by an employee, crippling access to electronic medical records and disrupting patient care.

Remediation and Support for Victims

Ascension is offering two years of free identity protection, including:

  • Credit monitoring
  • Identity theft recovery services
  • Fraud consultation

Affected individuals are urged to enroll in these services promptly.

Healthcare Infrastructure at Risk

The breach highlights the cyber risks facing healthcare networks. Ascension currently employs over 142,000 people and operates 142 hospitals and 40 senior care facilities. In 2023, the company reported revenues exceeding $28 billion, underscoring the scale of operations impacted by cybersecurity failures.

Facebook
X
LinkedIn
Picture of Fredrik Bjoerklund
Fredrik Bjoerklund
Fredrik Björklund serves as the CEO of Eye World, bringing with him over two decades of experience in internet-based industries. With a strong background in Internet and Cybersecurity, Fredrik is recognized as a seasoned expert in digital risk management, online infrastructure, and the ever-evolving cybersecurity landscape. His deep understanding of the digital world positions him as a trusted voice in the industry. As part of his leadership role, Fredrik will take an active position in curating and reporting on global cybersecurity developments. He will regularly update the Eye News Section with the latest insights, emerging threats, and critical updates in the cybersecurity domain, ensuring readers are well-informed in an increasingly digital and vulnerable world.

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2025 Eye World AB

Linkedin Youtube

Products

Industries

Knowledge

About Us