A May ransomware attack on Ascension, a U.S. healthcare giant with more than 140 hospitals and dozens of senior living facilities, allowed hackers to steal personal and sensitive health information on 5.6 million patients, according to a new filing with Maine’s attorney general. The cyberattack caused widespread disruption across its hospital system, with some staff describing harrowing lapses in healthcare as a result, including delayed or lost lab results, and medication errors.
The Black Basta gang was blamed for the attack, which saw the group steal patients’ medical information, like dates of service, lab tests, and procedure codes; payment information, such as credit card and bank account numbers; and reams of personal information, including patient names, addresses, and dates of birth. The hackers also stole patients’ identity documents, like driving licenses and passports. According to the Dept. of Health and Human Services’ list of data breach investigations, the Ascension hack ranks as the third-largest healthcare-related breach of 2024.
