U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ascension reveals personal data of 437,329 patients exposed in cyberattack

A data breach at Ascension, caused by a former partner’s compromise, exposed the health information of over 430,000 patients. Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by the number of hospitals as of 2019. At the end of April, the company notified patients that their personal and health information […]

ascension

A data breach at Ascension, caused by a former partner’s compromise, exposed the health information of over 430,000 patients.

Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by the number of hospitals as of 2019.

At the end of April, the company notified patients that their personal and health information had been compromised in a December 2024 data breach suffered by a former business partner.

The data breach exposed personal and clinical data, including names, contact info, SSNs, and medical visit details. The company states that specific information varies by individual.

“On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. We immediately initiated an investigation to determine whether and how a security incident occurred.” reads the data breach notification sent to impacted individuals. “Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner.”

The company did not provide technical details about the security breach, however, the breach likely stems from Clop ransomware attacks exploiting a Cleo file transfer software flaw.

Ascension is offering two years of free identity monitoring, including credit monitoring, fraud support, and identity theft restoration through Kroll.

In a filing on April 29, the healthcare organization reported that the incident impacted 114,692 people in Texas and another 96 residents in Massachusetts.

Ascension disclosed in an April 28 filing with the U.S. Department of Health & Human Services (HHS) that the data breach affected 437,329 individuals.

However, Ascension confirmed in a filing with the U.S. Department of Health & Human Services (HHS) on April 28 that the data breach affected 437,329 individuals.

Unfortunately, this isn’t the first incident suffered by Ascension, in May 2024, the organization was hit by a Black Basta ransomware attack that severely impacted operations at hospitals in the country.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Ascension)