Excerpt from Healthcare IT News Article, Published on Dec 26, 2024.
A cyberattack on healthcare giant Ascension on May 8 resulted in the exposure of sensitive medical data for approximately 5.6 million individuals, according to a filing with the Maine attorney general’s office on December 20. The breach occurred after an employee inadvertently downloaded a malicious file, mistaking it for a legitimate document. Ascension stated that the incident was due to human error, with no evidence suggesting malicious intent. Months of investigation with third-party cybersecurity experts revealed that sensitive data belonging to patients, senior living residents, and employees may have been compromised. The exposed data varies by individual but includes medical record numbers, dates of service, lab test types, procedure codes, and insurance information such as Medicaid and Medicare IDs, policy numbers, and claims.
Additionally, payment details like credit card and bank account numbers, personal identifiers such as Social Security numbers, driver’s licenses, and addresses were potentially accessed. However, Ascension confirmed that electronic health records (EHRs) and core clinical systems, where complete patient records are stored securely, remained unaffected. This breach is among several major healthcare cybersecurity incidents in 2024, including a February attack on Change Healthcare affecting 100 million individuals and an April breach at Kaiser Permanente impacting 13.4 million. The rising trend of cyberattacks targeting healthcare organizations has prompted legislative action, including the proposed Health Care Cybersecurity and Resiliency Act, which aims to provide grants to bolster cybersecurity defenses.
Tim Rawlins, senior adviser at NCC Group, emphasized the healthcare sector’s vulnerability, stating, “The sheer volume of sensitive data and the need for quick information access make healthcare a prime target. Basic cybersecurity measures like multi-factor authentication and secure systems are critical to preventing such breaches.” The Ascension breach highlights the urgent need for stronger governance and proactive cybersecurity measures to safeguard sensitive data in the healthcare sector.
To delve deeper into this topic, please read the full article Healthcare IT News.
