Healthcare company Ascension lost sensitive data on nearly 5.6 million individuals in a cyberattack attributed to a notorious ransomware gang, according to documents filed with the Maine attorney general.
Ascension owns 140 hospitals and numerous assisted living facilities. In May, the organization was hit by an attack that caused massive disruption as staff were forced to switch to manual processes that caused errors, delayed or lost lab results, and diverted ambulances to other hospitals. Ascension managed to restore most services by mid-June. The company said at the time that the attackers stole protected health information and personally identifiable information from an undisclosed number of people.
Investigation completed
A filing by Ascension earlier in December showed that nearly 5.6 million people were affected by the breach. The data stolen depended on the specific individual, but included individuals' names and medical information (e.g., medical record numbers, dates of service, types of laboratory tests or procedure codes), payment information (e.g., credit card information or bank account numbers), insurance information (e.g., Medicaid/Medicare ID, policy number or insurance claim), government
identification (for example, social security numbers, tax identification numbers, driver's license numbers or passport numbers) and other personal information (such as date of birth or address).
