Millions of users possibly at risk after Ascension healthcare reveals new data breach, potentially linked to Cl0p ransomware

A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
(Image credit: Getty Images)

  • A large healthcare organization has disclosed a data breach
  • Ascension was also hit by two significant breaches in 2024
  • The latest incident could be linked to the Cl0p ransomware attack

One of the biggest private healthcare systems in the US, Ascension, has notified patients that personally identifiable information (PII) including health data, was stolen in a previously unannounced attack affecting a former business partner in December 2024.

The incident follows a previous ransomware attack in May 2024, in which the sensitive data of six million patients, forcing the company to take systems offline, divert ambulances, and pause elective care in some places.

“On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. We immediately initiated an investigation to determine whether and how a security incident occurred,” Ascension confirmed in its breach notification.

Sensitive data exposed

Attackers reportedly gained access to sensitive information including the name, address, phone number(s), email address, date of birth, race, gender, and Social Security number (SSN), and even clinical and healthcare related information of some patients, depending on the individual.

“Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner. We have since reviewed our processes and are working to implement enhanced measures to prevent similar incidents from occurring in the future," the company confirmed.

This leaves anyone exposed at serious risk of social engineering attacks or identity theft, especially given that SSNs are involved. To assist anyone affected, Ascension is offering two years of free identity monitoring services including credit monitoring, fraud consultation, and identity theft restoration.

Although nothing is confirmed about the details of the incident, the timing and description of the incident suggest this could be linked to the Cl0p ransomware attack that abused a flaw in Cleo File Transfer software.

The group claimed 59 organizations were affected in the incident, so it’s certainly possible that Ascension is part of that list.

Via BleepingComputer

You might also like

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.