Ascension Health

On December 19, 2024, the Washington State Office of the Attorney General disclosed a **ransomware attack** targeting **Ascension Health**, initially detected on **May 8, 2024**. The breach compromised the personal data of **5,787 Washington residents**, exposing highly sensitive information, including **Social Security numbers (SSNs) and medical records**. The attack posed severe risks to affected individuals, as exposed SSNs and medical data can facilitate **identity theft, financial fraud, and targeted phishing scams**. Given the nature of the stolen data—health records in particular—the breach also raised concerns about **long-term privacy violations, potential blackmail, and misuse of medical histories**. Ascension Health, a major healthcare provider, faced **reputational damage, regulatory scrutiny, and potential legal liabilities** due to the failure to prevent the attack. The incident underscored vulnerabilities in healthcare cybersecurity, where ransomware groups increasingly target **critical patient data** for extortion. The exposure of such information not only harms individuals but also erodes trust in the organization’s ability to safeguard confidential records. Recovery efforts likely involved **forensic investigations, notification processes, credit monitoring for victims, and system reinforcements** to mitigate future threats.

Source: https://www.atg.wa.gov/data-breach-notifications | https://data.wa.gov/resource/sb4j-ca4h.json?id=18152

TPRM report: https://www.rankiteo.com/company/ascensionorg

"id": "asc547091725",
"linkid": "ascensionorg",
"type": "Ransomware",
"date": "5/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': '5,787',
                        'industry': 'healthcare',
                        'location': 'United States (Washington residents '
                                    'affected)',
                        'name': 'Ascension Health',
                        'type': 'healthcare provider'}],
 'data_breach': {'number_of_records_exposed': '5,787',
                 'personally_identifiable_information': ['social security '
                                                         'numbers',
                                                         'medical information'],
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'protected health information '
                                              '(PHI)']},
 'date_detected': '2024-05-08',
 'date_publicly_disclosed': '2024-12-19',
 'description': 'On December 19, 2024, the Washington State Office of the '
                'Attorney General reported a data breach involving Ascension '
                'Health, discovered on May 8, 2024. The breach was caused by a '
                'ransomware attack affecting approximately 5,787 Washington '
                'residents and potentially exposing personal information, '
                'including social security numbers and medical data.',
 'impact': {'data_compromised': ['social security numbers',
                                 'medical information'],
            'identity_theft_risk': 'high'},
 'references': [{'date_accessed': '2024-12-19',
                 'source': 'Washington State Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Washington State '
                                                        'Office of the '
                                                        'Attorney General']},
 'title': 'Ascension Health Ransomware Attack and Data Breach (2024)',
 'type': ['ransomware', 'data breach']}