• Millions of users possibl

    From Mike Powell@1:2320/105 to All on Thu May 1 10:28:00 2025
    Millions of users possibly at risk after Ascension healthcare reveals new
    data breach, potentially linked to Cl0p ransomware

    Date:
    Thu, 01 May 2025 13:25:59 +0000

    Description:
    Another data breach has been announced by healthcare giant Ascension

    FULL STORY

    One of the biggest private healthcare systems in the US, Ascension, has notified patients that personally identifiable information (PII), including health data, was stolen in a previously unannounced attack affecting a former business partner in December 2024.

    The incident follows a previous ransomware attack in May 2024, in which the sensitive data of six million patients , forcing the company to take systems offline, divert ambulances, and pause elective care in some places.

    "On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. We immediately initiated an investigation to determine whether and how a security incident occurred," Ascension confirmed in its breach notification.

    Sensitive data exposed

    Attackers reportedly gained access to sensitive information including the name, address, phone number(s), email address, date of birth, race, gender, and Social Security number (SSN), and even clinical and healthcare-related information of some patients, depending on the individual.

    "Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner. We have since reviewed our processes and are working to implement enhanced measures to prevent similar incidents from occurring in the future," the company confirmed.

    This leaves anyone exposed at serious risk of social engineering attacks or identity theft, especially given that SSNs are involved. To assist anyone affected, Ascension is offering two years of free identity monitoring services, including credit monitoring, fraud consultation, and identity theft restoration.

    Although nothing is confirmed about the details of the incident, its timing and description suggest it could be linked to the Cl0p ransomware attack that abused a flaw in Cleo File Transfer software.

    The group claimed 59 organizations were affected in the incident, so it's certainly possible that Ascension is part of that list.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/millions-of-users-possibly-at-risk-after-ascension-healthcare-reveals-new-data-breach-potentially-linked-to-cl0p-ransomware

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)