Healthcare giant admits over 5 million patients affected by ransomware attack

Healthcare provider Ascension has revealed the sensitive data of 5.6 million patients was compromised in a massive cyberattack earlier this year.

The ransomware attack occurred in May and threw the company into turmoil, with patient portals and files inaccessible, elective services postponed, and some ambulances diverted, according to a filing with the Maine Attorney General that was reported by TechRadar. Ascension did not name the hackers, but CNN previously published reports indicating it stemmed from a Russian-speaking cybercrime affiliate known as Black Basta. It's not clear if Ascension paid a ransom to get their systems back online.

The hackers accessed nearly 5.6 million Ascension patients' personal information like medical record numbers and lab tests as well as credit card information and bank accounts. Insurance information, like Medicare/Medicaid numbers, was also leaked along with personal info like addresses, Social Security numbers and passport details.

Ascension is in the process of informing those affected by the attack, with letters rolling out to victims over the next few weeks.

Ascension was not the only healthcare company hit by a ransomware attack in 2024 — UnitedHealth paid hackers $22 million after it was attacked early in the year, with over 100 million people affected.