Ascension cyber attack exposed medical data of 5.6 million customers

A May 8 cyberattack against healthcare giant Ascension resulted in the release of the medical data of 5.6 million customers, according to a filing with the Maine attorney general’s office published on December 20.

WHY IT’S IMPORTANT
In June, the healthcare system determined that an attacker gained access to its systems after an employee at one of its facilities accidentally downloaded a malicious file, thinking it was legitimate.

The organization stated that there was no indication that the incident was anything other than an honest mistake.

Months of investigation with outside experts also led Ascension to determine that sensitive data from current and former patients, seniors and employees may have been exposed.

A December 19th announcement from Ascension noted that the compromised information varies by individual and may include medical details such as medical record numbers, dates of service, types of laboratory tests and procedure codes.

Payment information, including credit card or bank account numbers; insurance information ranging from Medicaid and Medicare IDs to policy numbers and claims; government identification, including Social Security numbers, tax IDs, driver’s licenses or passports; and personal information such as addresses and dates of birth may have been involved.

Ascension also confirmed that electronic health records and other key clinical systems, where complete patient records are securely stored, were lost during the attack.

THE BIG TREND

The other major healthcare breaches in 2024 include a cyberattack against Change Healthcare in February that affected 100 million people – the largest breach ever reported to federal regulators.

In April, Kaiser Permanente reported that 13.4 million people had been affected by a data breach that publicly disclosed information about patients and plan members.

Meanwhile, legislation is being proposed to strengthen healthcare cybersecurity in the form of the Health Care Cybersecurity and Resiliency Act.

The bipartisan bill, introduced in November, would provide grants to healthcare organizations to help them strengthen their ability to prevent and respond to cyberattacks.

Meanwhile, governance remains a worrying weakness in healthcare, even as cyber attacks become more prominent and the risks of medical IoT devices come into sharper focus.

ON THE RECORD
Tim Rawlins, senior advisor and director of security at cybersecurity consultancy NCC Group, noted that healthcare will always remain an attractive target given the vast amount of sensitive data that organizations hold and the need to make information available to the medical community as quickly as possible.

“Basic cyber security measures, individual logins, multi-factor authentication and patched, secure and controlled systems will go a long way in preventing these attacks,” he said.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.