Ascension Health Data Breach Affects over 5 Million Americans

Ascension Health, one of the largest faith-based healthcare organizations in the United States, recently experienced a significant data breach that has impacted millions of individuals. The breach was discovered on May 8, 2024, but it occurred on two separate occasions earlier in the year: February 29, 2024, and June 11, 2024.

The breach affected a staggering 5,599,699 individuals across the United States, making it one of the most severe healthcare data breaches in recent memory.

The exposed data includes highly sensitive personal and financial information.

The types of information compromised:

• Name of individual
• Address
• Social Security Number
• Driver’s license number
• Government-issued ID number (e.g., passport, state ID card)
• Financial information (e.g., account numbers, credit or debit card numbers)
• Medical information
• Health insurance information
• Date of birth
• Medical record number
• Date of service
• Types of lab tests
• Procedure codes
• Payment information
• Medicaid/Medicare ID
• Insurance claim details
• Tax identification number

The breach was disclosed to several state attorney general offices, including California, Maine, Massachusetts, and Texas. For example, the California Attorney General’s Office and the Texas Attorney General’s Office have published details about the incident. In Texas alone, 146,906 individuals were affected, while 658 individuals were impacted in Maine, according to the Maine Attorney General’s Office.

Ascension Health notified consumers about the breach on December 19, 2024, through written notices sent via U.S. mail and information posted on its website. The breach has raised serious concerns due to the volume and sensitivity of the data exposed, which includes medical and financial records that could be exploited for identity theft or fraud.

Ascension Health's response

In response to the breach, Ascension Health has taken several steps to address the incident and protect affected individuals. The company has notified state regulators, including the Massachusetts Attorney General’s Office, and provided detailed disclosures about the breach. Additionally, they have reached out to affected individuals through direct mail to inform them about the breach and provide guidance on next steps.

While Ascension Health has not disclosed specific details about the cause of the breach or how the attackers gained access to such a vast amount of sensitive data, the company is likely working to enhance its cybersecurity measures to prevent similar incidents in the future. It is also expected that they are offering resources, such as credit monitoring or identity theft protection services, to assist affected individuals, though this has not been explicitly confirmed in the information provided.

Steps to take if you are affected by the data breach

If you have received a notification from Ascension Health or believe you may have been affected by this data breach, it is crucial to take immediate action to protect yourself. Given the severity and scope of the exposed information, here are the steps you should follow:

1. Monitor your financial accounts and credit reports: Regularly check your bank accounts, credit card statements, and credit reports for any unauthorized transactions or suspicious activity. You can obtain free credit reports from AnnualCreditReport.com.
2. Place a fraud alert or credit freeze: Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to place a fraud alert on your credit file. Alternatively, consider placing a credit freeze to prevent new accounts from being opened in your name.
3. Change passwords and enable two-factor authentication: If you use the same passwords for multiple accounts, update them immediately. Use strong, unique passwords and enable two-factor authentication for added security.
4. Be cautious of phishing attempts: Scammers may use your exposed information to send fraudulent emails or phone calls. Do not click on suspicious links or provide personal information to unknown sources.
5. Contact your health insurance provider: Notify your health insurance company about the breach and ask them to monitor your account for any fraudulent claims.
6. Consider identity theft protection services: If Ascension Health offers free credit monitoring or identity theft protection, take advantage of these services. If not, consider enrolling in a reputable service on your own.
7. File a report if necessary: If you suspect your identity has been stolen, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov and your local law enforcement.

Taking these steps can help mitigate the potential risks associated with this breach and safeguard your personal and financial information.