Ascension Healthcare suffers massive data breach impacting 5.6 million patients. Black Basta ransomware attack exposes sensitive health, payment, and personal data.

Continue reading
Ascension, one of the largest private healthcare networks in the U.S., has confirmed that nearly 5.6 million patients and employees have been affected by a Black Basta ransomware attack. The breach, which occurred in May 2023, compromised highly sensitive personal and health-related information, sparking alarm across the healthcare industry.
On May 8, 2023, Ascension detected unauthorized activity on its systems, which triggered an immediate investigation. According to official reports, the cyberattack resulted from an employee mistakenly downloading a malicious file onto a company device, thereby enabling the ransomware attack.
While Ascension was quick to respond, the attack crippled its MyChart electronic health records system, halting operations and forcing the healthcare system to temporarily switch to manual records. Some non-emergent procedures, tests, and appointments were paused, and emergency medical services had to be redirected to prevent triage delays.
The cyberattack has exposed a wide range of sensitive information, affecting nearly 5.6 million individuals. The compromised data includes:
This data breach represents a significant threat to personal security, making affected individuals vulnerable to identity theft, financial fraud, and medical identity theft.
In a bid to mitigate the damage, Ascension is offering 24 months of free identity theft protection services to the 5.6 million affected individuals. The company has partnered with IDX, a leading identity theft protection service, which will provide CyberScan monitoring and a $1 million insurance reimbursement policy.
Ascension promptly notified key law enforcement agencies, including the FBI and CISA, about the breach. The company’s internal investigation, supported by top cybersecurity experts, revealed the depth of the compromise, confirming the involvement of Black Basta, a notorious ransomware group that has accelerated attacks against the healthcare sector.
Black Basta, which first emerged in April 2022, has rapidly become one of the most dangerous and profitable ransomware operations. Known for targeting high-profile organizations worldwide, this cybercrime group has successfully breached several major companies, including:
According to joint research from Elliptic and Corvus Insurance, Black Basta has raked in over $100 million from more than 90 victims until November 2023, and it continues to pose a significant threat to the healthcare sector.
This breach highlights the escalating cybersecurity risks faced by healthcare systems, which store massive amounts of personal and sensitive data. Experts warn that the Black Basta ransomware group could target more healthcare institutions, amplifying the need for enhanced cybersecurity measures across the sector.
As ransomware gangs like Black Basta continue to evolve and target healthcare networks, institutions must prioritize cyber resilience and data protection protocols to safeguard patient and employee data from future attacks.
While Ascension has already started notifying affected individuals and offering identity protection, the road to recovery will be long. The healthcare system has vowed to bolster its cybersecurity defenses to prevent future breaches and protect its vast network of patients and employees.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation