Ascension Health’s latest data breach exposes 437,000 patients’ data via a third-party vendor flaw. Learn about the risks, response, and how to protect yourself.

Continue reading
Ascension, one of the largest private healthcare systems in the U.S., has disclosed a massive data breach impacting 437,329 patients, with sensitive personal and medical information stolen through a former business partner’s compromised systems. The breach, linked to a third-party software vulnerability, marks the second major cybersecurity incident for the healthcare giant in less than a year.
According to breach notifications sent to affected patients in April 2025, hackers accessed:
The stolen data could enable identity theft, insurance fraud, or targeted phishing attacks, underscoring risks for impacted individuals.
While Ascension did not name the partner, cybersecurity experts suspect links to Clop ransomware’s widespread attacks in late 2024, which exploited a zero-day flaw in Cleo file transfer tools.
The healthcare provider is offering impacted patients:
In a statement, Ascension emphasized it _“immediately initiated an investigation”_ upon discovering the incident and has since _“strengthened third-party vendor oversight.”_
Repeat Cybersecurity Challenges This breach follows a May 2024 Black Basta ransomware attack that exposed data of 5.6 million patients and employees. That incident, caused by an employee downloading a malicious file, forced Ascension hospitals to:
The repeat breaches highlight systemic vulnerabilities in healthcare cybersecurity, particularly risks posed by third-party vendors.
Broader Implications for Healthcare Security With Ascension operating 142 hospitals and 40 senior facilities across North America and reporting $28.3 billion in 2023 revenue, the breach underscores critical challenges:
“Healthcare organizations must adopt zero-trust frameworks and rigorously audit vendors,” as advised.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation