WICHITA, Kansas — An estimated 5.6 million people had personal information leaked during a May cyberattack against health care provider Ascension, according to the organization.
That makes the incident the third-largest breach of health care data reported in 2024.
The leaked information includes sensitive data including medical procedure codes and types of lab tests, as well as Social Security numbers and credit card information.
“Essentially, almost every piece of personally identifiable information that the patients had with Ascension seems to have been accessed and compromised,” said Kaustubh Medhe, vice president of research at the cyber threat-intelligence firm Cyble, which monitors activity on the dark web.
He said cybercriminals often try to use the stolen information to extract money from victims through sophisticated phishing attacks.
“Anytime such a large-scale data breach happens, we usually see this data coming up for sale on the dark web, typically within a year and a half of the actual breach occurring,” Medhe said.
The attack is linked to the cybercrime organization Black Basta, which has repeatedly targeted “critical infrastructure sectors” like health care, according to federal officials.
Current and former patients, senior living residents and employees were included in the breach. It’s unclear how many Kansans had information stolen. Ascension operates several hospitals, outpatient clinics and senior living facilities in the state.
The company said it began notifying people whose personal information may have been stolen by mail last week. It expects letters to arrive in the next few weeks.
“The data involved varies and cannot be confirmed for each individual,” Ascension said in a news release.
Ascension is offering victims two years of free credit monitoring.
The May 8 ransomware attack caused widespread disruptions to patient care across more than a dozen states, including at the organization’s Via Christi Wichita hospitals. Nurses told KMUW they were unable to access essential digital systems for weeks, such as one that reduces medication dosing errors.
Ascension says its facilities provided safe care throughout the impacted time period.
In a news release, Ascension thanked its clinicians for working during the cyberattack.
“The resilience and dedication shown by all our associates have been truly remarkable, and their embodiment of our Mission throughout this time has not gone unnoticed,” the company wrote.
Ascension says the breached information includes:
- Medical information such as medical record numbers, dates of service, types of lab tests and procedure codes
- Payment information such as credit card and bank account numbers
- Insurance information such as Medicaid/Medicare IDs, policy numbers and insurance claims
- Government identification such as Social Security numbers, tax identification numbers, driver’s license numbers and passport numbers
- Other personal information such as dates of birth and addresses
Rose Conlon reports on health for KMUW and the Kansas News Service.
The Kansas News Service is a collaboration of KCUR, KMUW, Kansas Public Radio and High Plains Public Radio focused on health, the social determinants of health and their connection to public policy.
Kansas News Service stories and photos may be republished by news media at no cost with proper attribution and a link to ksnewsservice.org.