The data of 5.6 million people was stolen in the ransomware attack on the American healthcare giant Ascension Health, the organization informed the attorney general of the US state of Maine. This makes it one of the largest data breaches in American healthcare in the past two years. Ascension operates one hundred and forty hospitals in nineteen US states. In early May, the organization’s network was hit by a ransomware attack, forcing it to divert ambulances to some hospitals. Some operations, tests and appointments were also rescheduled.
The attack also captured “certain files” containing personal information of patients and employees. This concerns name, address details, date of birth, medical information (laboratory results, treatment codes, treatment date and medical file number). payment information (credit card details or bank account number), insurance information and government identification (social security number, tax identification number, driver’s license number or passport number).
In June, Ascension claimed it had determined how the attacker gained access to the systems. “An employee at one of the facilities accidentally downloaded a file that he thought was legitimate. We have no reason to believe it was intentional,” the healthcare giant said, calling it an “honest mistake.” No further details were given.
